Most authors of ransomware are not very creative. They often use the code of already established threats and barely apply any modifications to it. However, this is not what is going on with the Nodera Ransomware. This brand-new data-locking Trojan is written in the Node.js programming language – a very unusual approach. It is likely that the authors of the Nodera Ransomware have built this file-encrypting Trojan from scratch.
Propagation and Encryption
The propagation method used to spread the Nodera Ransomware is not yet known. Some experts believe that the attackers might have used spam emails to distribute this Trojan. The targeted user would receive an email that appears to be sent by a legitimate company or a government body. The email contains a fake message and a macro-laced attachment. The goal of the bogus message is to trick the user into executing the attached file, which will allow the threat to compromise their system. Torrent trackers, fake application downloads, and malvertising are among the other popular propagation methods that authors of ransomware threats tend to use.

After compromising the targeted PC, the Nodera Ransomware scans the user’s files and begins its encryption process. The Nodera Ransomware uses a complex encryption algorithm to lock the victim’s files. After the encryption process is completed, the user may notice that their files have been renamed. The Nodera Ransomware appends the extension ‘.encrypted’ to the victim’s filenames. Therefore, a file that was initially named ‘snowy-day.jpeg’ will be renamed to ‘snowy-day.jpeg.encrypted’. All the locked files will be unusable.
The Ransom Note
To get their message across, the attackers have made sure their threat drops a ransom message on the user’s desktop. The Nodera Ransomware drops two files on the compromised system: ‘Decrypt-your-files.bat’ and ‘How-to-buy-bitcoins.html’, a note containing instructions on how to obtain Bitcoin for users who are unfamiliar with it. The note states that the ransom fee is 0.4 Bitcoin (approximately $3,700 at the time of typing this post). Interestingly enough, however, the authors of the Nodera Ransomware have not provided any contact details, making it impossible for their victims to get in touch with them or process the payment. Furthermore, in the note, the attackers state that the victim’s decryption key will be destroyed on the first of March, 2018.
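The file-system indicators described above (the appended ‘.encrypted’ extension and the two dropped files) can be checked with a read-only scan. The script below is an added example, not part of the original post; its function names, the constructed sample tree, and the rule that a renamed file must still carry its original extension are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Indicators as given in the description above.
LOCKED_SUFFIX = ".encrypted"
NOTE_NAMES = {"decrypt-your-files.bat", "how-to-buy-bitcoins.html"}


def triage(root):
    """Read-only walk of `root`; returns dropped notes and renamed files."""
    notes, locked = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name.lower() in NOTE_NAMES:
                notes.append(rel)
            elif name.lower().endswith(LOCKED_SUFFIX):
                original = name[: -len(LOCKED_SUFFIX)]
                # Assumption: only count names that still carry an inner
                # extension (snowy-day.jpeg.encrypted), since the suffix is
                # appended to the full original name. This skips unrelated
                # files such as "vault.encrypted".
                if Path(original).suffix:
                    locked.append((rel, original))
    return {"notes": sorted(notes), "locked": sorted(locked)}


def verdict(report):
    """Both indicator types together are a much stronger signal than one."""
    if report["notes"] and report["locked"]:
        return "likely"
    return "possible" if report["notes"] or report["locked"] else "clean"


def build_sample(base):
    """Constructed sample tree (empty files) so the example runs offline."""
    for rel in ("Desktop/Decrypt-your-files.bat",
                "Desktop/How-to-buy-bitcoins.html",
                "Pictures/snowy-day.jpeg.encrypted",
                "Documents/vault.encrypted",
                "Documents/readme.txt"):
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample(tmp))
        print(verdict(result), result)
```

The second element of each `locked` entry is the original filename, which helps when matching affected files against backups.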
Even if the attackers had provided contact details, it is always best to avoid interacting with cyber crooks. Do not give such individuals your hard-earned money as they rarely deliver on their promises, and chances are your files would remain encrypted even if you pay up. Instead, consider investing in a reputable antivirus software suite that will rid you of the Nodera Ransomware once and for all.