Multi-Device Licenses (Volume Discounts)

Change Region

English Dansk Deutsch Español Français Italiano Nederlands Polski Português Svenska Türkçe български език Русский हिन्दी 日本語 汉语 漢語 한국어
Threat Database Ransomware Nomad Ransomware

Nomad Ransomware

By CagedTech in Ransomware
Translate To:
English

The Nomad Ransomware is a variant from the prolific Dharma malware family. As such, it doesn't deviate from the typical Dharma behavior. Still, any files encrypted by the threat will be rendered inaccessible and unusable due to the encryption with a strong cryptographic algorithm. The attackers will then extort their victims for money by promising to then send them the necessary decryption key and software tool.

Whenever the Nomad Ransomware encrypts a file, it will modify that file's original name. The threat will append an ID string, followed by an email address, and finally, a new file extension. The email address used by the Nomad Ransomware is 'nomad.crypt@onionmail.org,' while the extension is '.nomad.' Two ransom notes will then be delivered to the compromised device - one inside a text file named 'info.txt' and another in a pop-up window.

Ransom Note's Overview

The two notes created by the Nomad Ransomware follow closely the typical Dharma model. The text file simply states that users must establish contact with the attackers and leaves them with two email addresses - 'nomad.crypt@onionmail.org' and 'nomad.crypt@msgsafe.io.' The instructions in the pop-up window, despite being longer, also lack any meaningful details. They reiterate the same email address and warn victims not to rename any of the encrypted files.

The full text of the note in the pop-up window is:

'YOUR FILES ARE ENCRYPTED

1024

Don't worry, you can return all your files!
If you want to restore them, write to the mail: nomad.crypt@onionmail.org YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:nomad.crypt@msgsafe.io

ATTENTION!

We recommend you contact us directly to avoid overpaying agents

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

The text file contains the following message:

all your data has been locked us
You want to return?
write email nomad.crypt@onionmail.org or nomad.crypt@msgsafe.io.'

Related Posts

Trending

Most Viewed

Loading...