
Nog4yH4n Project Ransomware

By GoldSparrow in Ransomware

The Nog4yH4n Project Ransomware is an encryption ransomware Trojan that criminals use to take victims' files hostage and then demand a ransom payment in exchange for restoring access to them. The Nog4yH4n Project Ransomware is a variant of HiddenTear, a well-known open source ransomware Trojan that has spawned countless variants since it was first released in August of 2015. The Nog4yH4n Project Ransomware carries out a typical version of the encryption ransomware tactic and is commonly delivered to victims using corrupted spam email messages.

Symptoms of a Nog4yH4n Project Ransomware Attack

The Nog4yH4n Project Ransomware is installed onto the victim's computer through corrupted files with embedded macros. Once installed, the Nog4yH4n Project Ransomware uses AES 256 and RSA 2048 encryption to make the victim's files inaccessible, taking them hostage. The Nog4yH4n Project Ransomware receives its name from its author, who seems to go by the alias 'NogayHan' and has been responsible for various other attacks in the past. The Nog4yH4n Project Ransomware targets user-generated files in its attack, which may include numerous media file types, images, text files, databases and other files. The following are examples of the data targeted by the Nog4yH4n Project Ransomware:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Nog4yH4n Project Ransomware adds the file extension '.locked' to the affected file's name. The Nog4yH4n Project Ransomware will then deliver its ransom note.

The Nog4yH4n Project Ransomware's Ransom Demand

The Nog4yH4n Project Ransomware delivers its ransom note in the form of a text file and by changing the victim's desktop wallpaper image. The Nog4yH4n Project Ransomware replaces the victim's desktop background with a picture of a bunch of dollar bills overlaid with the ransom message. The Nog4yH4n Project Ransomware's ransom message is also contained in a text file named 'HACKED_NOG4YH4N.txt,' which victims can view on their desktops. This file contains the following message:

'This computer has been hacked
Your personal files have been ecrypted. Send me BTC or food to get decryption passcode.
After that, you'll be able to see your beloved files again.
With love... Nog4yH4n Project')'

Since the Nog4yH4n Project Ransomware's admins do not present any contact information in the message, it is likely that the Nog4yH4n Project Ransomware is still a work in progress, or is part of a series of steps that are meant to initiate a different attack. Regardless, malware researchers advise computer users not to interact with the criminals or pay the Nog4yH4n Project Ransomware ransom.
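
The two file-system symptoms described above (the 'HACKED_NOG4YH4N.txt' note and files renamed with '.locked') can be checked for during triage. The following is an added example, not code from this article or from the malware: the function names, the `min_locked` threshold and the sample tree are hypothetical, and it assumes '.locked' is appended after the original extension.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "hacked_nog4yh4n.txt"  # ransom note name from the article, lowercased
LOCKED = ".locked"                 # extension the article says is added
# Subset of the article's targeted extensions, shortened for this example
TARGETED = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".sql", ".txt", ".zip"}

def scan(root):
    """Return (ransom note paths, Counter of renamed files per directory)."""
    notes, locked = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(LOCKED):
                # Assumption: '.locked' is appended after the original
                # extension (report.docx.locked). Requiring a targeted inner
                # extension skips unrelated uses of '.locked'.
                inner = os.path.splitext(lower[:-len(LOCKED)])[1]
                if inner in TARGETED:
                    locked[dirpath] += 1
    return notes, locked

def assess(root, min_locked=3):
    """Classify a tree; min_locked is a hypothetical triage threshold."""
    notes, locked = scan(root)
    total = sum(locked.values())
    if notes and total:
        verdict = "likely-encrypted"
    elif notes or total >= min_locked:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "notes": notes, "locked_total": total,
            "worst_dirs": locked.most_common(3)}

def build_sample(root):
    """Create a constructed sample tree (empty files) for the demo."""
    layout = ["Desktop/HACKED_NOG4YH4N.txt", "Documents/report.docx.locked",
              "Documents/budget.xlsx.locked", "Pictures/cat.jpg.locked",
              "Documents/app.locked", "Documents/readme.txt"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(assess(tmp))
```

Because HiddenTear variants commonly reuse the '.locked' extension, a match on the extension alone does not identify this variant; the note file name is the more specific indicator.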
