Nope Ransomware

The Nope Ransomware aims to infect users' computers and then lock the data stored there. The threat targets numerous file types (documents, PDFs, images, archives, databases, etc.) and renders them inaccessible via a strong encryption process. Victims are then extorted for money in exchange for potentially getting their data back.

Each file affected by the Nope Ransomware will have '.toto' appended to its original name as a new extension. When all targeted files have been encrypted, the threat will proceed to deliver its ransom-demanding message. The Nope Ransomware creates two ransom notes: one is set as the new desktop wallpaper of the system, while the other is dropped as a text file named '@READ_ME@.txt'.

Demands Overview

The message in the desktop image states that the Nope Ransomware uses a combination of AES-256 and RSA-2048 in its encryption routine. It then instructs the affected users to find the '@READ_ME@.txt' file and to make sure that a file named 'DO_NOT_DELETE.key' is not removed from the system. The text file contains much of the same information, plus one crucial element: the hackers want to receive exactly 0.1 BTC (Bitcoin) as a ransom. At the moment, 0.1 BTC is valued just below $5,500. The money is supposed to be sent to the provided crypto-wallet address.
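A defender-side sweep for the three filesystem artifacts named above: the '.toto' suffix, the '@READ_ME@.txt' note and the 'DO_NOT_DELETE.key' file. This is an added example, not part of the original write-up; the verdict heuristic, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Artifact names exactly as given in the write-up.
ENCRYPTED_SUFFIX = ".toto"
NOTE_NAME = "@READ_ME@.txt"
KEY_NAME = "DO_NOT_DELETE.key"

def sweep(root):
    """Walk root and collect the three filesystem artifacts the page describes."""
    report = {"encrypted": [], "notes": [], "key_files": []}
    # Unreadable directories are skipped instead of aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME.lower():
                report["notes"].append(path)
            elif lower == KEY_NAME.lower():
                report["key_files"].append(path)  # preserve this file, never clean it up
            elif lower.endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
    return report

def original_name(path):
    """'.toto' is appended to the full original name, so strip only that suffix."""
    return path.name[: -len(ENCRYPTED_SUFFIX)]

def verdict(report):
    """Assumed heuristic: a lone hit is weak; .toto files plus note or key corroborate."""
    if report["encrypted"] and (report["notes"] or report["key_files"]):
        return "likely-nope"
    if report["encrypted"] or report["notes"] or report["key_files"]:
        return "suspicious"
    return "clean"

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    for rel in ("docs/report.docx.toto", "docs/photo.JPG.TOTO",
                "docs/notes.txt", "Desktop/@READ_ME@.txt", "DO_NOT_DELETE.key"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        r = sweep(tmp)
        print(verdict(r), sorted(original_name(p) for p in r["encrypted"]))
```

The sweep only reads directory listings and changes nothing on disk, so it can be run against a mounted forensic image as well as a live volume.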

The entire wallpaper message is:

'All your files have been encrypted!
All your documents,photos,videos are inaccessible.
They have been encrypted with AES-256 encryption algorithm. Find on your desktop or anywhere a file named @READ_ME@.txt. Do not try to recover your files yourself. We generate a random key and encrypted it with RSA 2048 asymetric encryption. It means that to encrypt you need a public key and to decrypt you need a private key wich you don't have. Only us can get the AES-256 key from the .key file. Please, do not delete a file named DO_NOT_DELETE.key

Nope Ransomware'

The full text of the ransom note in the text file is:

'Hello.
All your files have been encrypted by a ransomware.
To recover your documents,videos,photos,you need to have the decryption software.
Your files have been encrypted with AES-256 encryption alghoritm.
A key is stored in a .key file. Do not remove it!
The .key file contains the key encrypted with RSA 2048. Without it,we wont be able to decrypt your files.
To get the decryption software, you will need to pay 0.1 bitcoin at this wallet b22cc75e24f62d8110815d04aa5a5d9951a43f90fe2581f4a2ee0708d61782.
Download Tor Browser and go on that website : nothing

Get pwned.'
