The NocryCrypt0r Ransomware appears to be a unique crypto locker threat that has not been classified as a variant of any existing ransomware family. It nevertheless operates as typical malware of this type: it aims to sneak onto the target's computer system, run an encryption algorithm that effectively locks all of the stored files, and then extort its victim for the potential restoration of the data.
When the NocryCrypt0r Ransomware locks a file, it will append '.partially.nocry' to the original filename as a new extension. The criminals behind the NocryCrypt0r Ransomware leave a set of instructions for their victims that are dropped as text files named 'CryptoJoker Recovery Information.txt' in every folder with encrypted files in it.
Unlike many other ransomware threats, NocryCrypt0r doesn't impose any time limit on its victims: it threatens neither to destroy the decryption keys nor to increase the ransom amount after an arbitrary period has passed. The note clearly states the ransom amount the hackers want to receive, which is the equivalent of €50 paid in Bitcoin. No email address is provided for contact with the hackers. Instead, they instruct their victims to send the money to the cryptocurrency wallet address found in the ransom note and to include their own email in the 'Extra Notes' or 'optional message' box available in the transaction.
The full text of the NocryCrypt0r Ransomware's note is:
'Hello! I am NocryCrypt0r
My name is NocryCrypt0r. I have encrypted all your precious files, including images, videos,
songs, text files, word files and etc. So long story short, you are screwed... but you are lucky
in a way. Why is that ?? I am ransomware that leave you an unlimited amount of time to gather the money
to pay me. I am not gonna go somewhere, neither do your encrypted files.
1. Can i get my precious files back??
Answer: Ofcourse you can. There is just a minor detail. You have to pay to get them back.
2. Ok, how i am gonna get them back?
Answer: You have to pay 50€ in bitcoin.
3. There isn't any other way to get back my files ?
Answer: Nahhh. Just our service.
4. Ok, what i have to do then ?
Answer: Simply, you will have to pay 50€ to this bitcoin address: 1yh3eJjuXwqqXgpu8stnojm148b8d6NFQ . When time comes to send me the money, make sure to include your email and your personal ID(you can see it bellow) in the extra information box (it may apper also as 'Extra Note' or 'optional message') in order to get your personal decryption key. It may take up to 6-8 hours to take your personal decryption key.
5. What the heck bitcoin is ?
Answer: Bitcoin is a cryptocurrency and a digital payment system. You can see more information here: https://en.wikipedia.org/wiki/Bitcoin . I recommend to use 'Coinbase' or 'Bitcoin Wallet' as a bitcoin wallet, if you are new to the bitcoin-wallet. Ofcourse you can pay me from whatever bitcoin wallet you want, it deosn't really matter.
6. Is there any chance to unclock my files for free ?
Answer: Not really. After 1-2 or max 3 years there is propably gonna be released a free decryptor. So if you want to wait... it's fine. As i said, i am not gonna go somewhere.
7. What i have to do after getting my decryption key ?
Answer: Simple. Just press the decryption button bellow. Enter your decryption key you received, and wait until the decryption process is done.
Your personal ID:'
Should I Pay the Ransom?
Experts recommend that you never pay the ransom, no matter what. There is no guarantee that the criminals behind NocryCrypt0r will live up to their end of the deal. Attackers are more likely to disappear as soon as they get your money, leaving you without money as well as your files. Even if they did provide a decryption key, paying the attackers only encourages them to continue hacking others for more profit. The only way to beat ransomware authors is to not give in to them.
What Should Victims Do?
The first thing you should do if you become a victim of NocryCrypt0r is to remove it from your computer. Most antivirus and antimalware programs can detect and remove it. You can get your files back by using a data backup. The more backups you have of your data, the better. It’s best to keep one offline copy and one online copy. If you don’t have any data backups, you might get lucky with file recovery software.
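To scope what has to be restored from backup, the following added example (not part of the original article or of any vendor tool) walks a directory tree for the two indicators the article gives, the '.partially.nocry' extension and the 'CryptoJoker Recovery Information.txt' note, and lists the original file names to pull from backup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article text; everything else here is illustrative.
LOCKED_SUFFIX = ".partially.nocry"
NOTE_NAME = "CryptoJoker Recovery Information.txt"

def scan_tree(root):
    """Return {folder: {"locked": [names], "note": bool}} for every affected folder."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        # Case-insensitive match, since Windows file systems ignore case.
        locked = sorted(f for f in files if f.lower().endswith(LOCKED_SUFFIX))
        note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if locked or note:
            report[folder] = {"locked": locked, "note": note}
    return report

def original_name(locked_name):
    """Name the file had before the extension was appended (the backup lookup key)."""
    return locked_name[: -len(LOCKED_SUFFIX)]

def restore_plan(report, root):
    """Relative paths of the original files that need restoring from backup."""
    return sorted(
        os.path.relpath(os.path.join(folder, original_name(name)), root)
        for folder, hit in report.items()
        for name in hit["locked"]
    )

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["report.docx.partially.nocry", NOTE_NAME],
        "pics": ["cat.jpg.partially.nocry", "dog.png.partially.nocry", NOTE_NAME],
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

def demo():
    """Scan the constructed tree; returns (restore list, number of affected folders)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = scan_tree(root)
        return restore_plan(report, root), len(report)

if __name__ == "__main__":
    print(demo())
```

On a real system, point `scan_tree` at a mounted copy of the affected volume rather than the live disk, so the inventory does not alter timestamps needed later.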
How Is NocryCrypt0r Spread?
Ransomware such as NocryCrypt0r generally spreads through spam email attachments, including Microsoft Office documents and PDF files. Attackers disguise these attachments as urgent messages from reputable companies, such as shipment information from FedEx. The reality is that these attachments contain malicious code to install and run malware on your computer. Ransomware also spreads through peer-to-peer downloads, in particular software cracks and keygens.
How to Protect Against Ransomware
Avoiding ransomware doesn’t have to be complicated. The main thing is that you should be more careful when browsing the internet. Never open or interact with emails from suspicious sources. These emails likely contain malicious attachments to target your computer. Also, avoid downloading and illegally activating paid software from torrenting sites. Illegal downloads constitute a significant infection risk.