Nordteam Ransomware

Ill-minded threat actors have created a new ransomware threat based on the Spora Ransomware family. By using a strong encryption routine, the Nordteam Ransomware is capable of locking a wide range of file types, leaving them in a completely unusable state. Affected users will notice that they can no longer open their photos, PDFs, documents, archives, databases, etc.

The Nordteam Ransomware will assign a unique ID string to each infected device. It will also append a random 4-character string at the end of the encrypted files' original names. After all targeted file types on the victim's device have been locked, the threat will proceed to deliver its ransom note. In fact, the Nordteam Ransomware creates two different ransom-demanding messages: one inside a file named 'ReadMe.hta' and the other as a text file named '[victim's_ID] ReadMe.txt.'

Demands Overview

The first ransom message, in the '.hta' file, gives victims very little useful information. It only says that affected users should contact the attackers via the two provided email addresses - 'Nordteam@mail.ee' and 'Nordtalk@tutanota.com.' The other ransom note also mentions the emails but contains a lot more details.

It claims that the hackers have also managed to collect important or confidential data from the breached systems. If victims refuse to pay the demanded sum, the threat actors threaten to publish the obtained private information. The note also states that the size of the ransom will depend on how fast victims contact the cybercriminals. After 48 hours the price of the ransom will be doubled.

The message found inside the 'ReadMe.hta' file reads: 

'Files Encrypted Need Decrypt ? Contact Us At : Nordteam@mail.ee OR Nordtalk@tutanota.com'

The ransom note delivered as a text file is:

'Your Data Is Locked And Important Data Downloaded xls,PDF Files, Documents,Invoices .. .

For Decrypting Files You Should Buy Our Decryption Program And We Will Send You Decryption Tools And Remove Your Important Files From Servers.

If No Payment Is Made We Will Publish Your Important Data Or Sell/Send Them To Your Competitors And If Don't Want To Pay Your Decryption Key Will Be Deleted From The Servers.

* WARNING: *  No One Else Can Help You ,Don't Waste Your Business Time , Anyone/Any Company Offering Help Will Get Extra Fee Added To Us Or Simply Will Scam You.

Your Personal ID: 

Our Email Address: Nordteam@mail.ee

If You Don't Receive A Response Within 24 Hours From The First Email Please Email Us At : Nordtalk@tutanota.com

If You Don't Contact Us Within 48 Hours Decryption Price Will Doubles ,This Is Just Business To Get Benefits .

The Price Depends On How Faster You Contact Us , Send Personal ID And Check Mail Spam .

What Is Our Guarantee ?

You Can Send Some Files For Decryption Test, We Will Decrypt Them And Send To You.

---------------------------------------

Attention!

Do Not Modify,Rename Infected Files.

Using Third-Party , Recovery Softwares May Corrupt Your Data Forever.

---------------------------------------

Buy Bitcoin :

Coindesk Link :

hxxps://www.coindesk.com/learn/how-can-i-buy-bitcoin/

LocalBitcoins Link And You Can Get More Info At Google :

hxxps://localbitcoins.com/guides/how-to-buy-bitcoins'
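
The artifacts described above (the two ransom notes, the contact addresses and the renamed files) can be combined into a simple triage check for a file listing. The following is an added example, not code from the original write-up or from any vendor tool; the `triage` function, the list of original extensions, the `EXAMPLE-ID` placeholder and the sample paths are assumptions made for illustration, as is the guess that the 4-character string is appended as an extra extension.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

CONTACTS = ("nordteam@mail.ee", "nordtalk@tutanota.com")  # addresses quoted in the notes
TXT_NOTE = re.compile(r"^(?P<vid>\S.*) ReadMe\.txt$", re.I)  # "[victim's_ID] ReadMe.txt"
# Assumption: the 4 random characters follow the original extension as an
# extra extension ("q3.xlsx.k9Tz"); the write-up does not give the separator.
LOCKED = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|zip|7z|sql|mdb)\.[A-Za-z0-9]{4}$", re.I)


def triage(listing):
    """listing: iterable of (path, text or None). Returns findings per directory."""
    dirs = defaultdict(lambda: {"notes": [], "victim_ids": set(),
                                "contacts": set(), "locked": 0})
    for path, text in listing:
        p = PureWindowsPath(path)
        d = dirs[str(p.parent)]
        m = TXT_NOTE.match(p.name)
        if p.name.lower() == "readme.hta" or m:
            # The name alone is weak evidence ("ReadMe" is common), so a note
            # only counts when its text carries a contact address.
            hits = {c for c in CONTACTS if text and c in text.lower()}
            if hits:
                d["notes"].append(p.name)
                d["contacts"] |= hits
                if m:
                    d["victim_ids"].add(m["vid"])
        elif LOCKED.search(p.name):
            d["locked"] += 1
    # Keep only directories where a confirmed note sits beside renamed files.
    return {k: v for k, v in dirs.items() if v["notes"] and v["locked"]}


SAMPLE = [  # constructed listing for illustration, not taken from a real host
    (r"C:\Users\amy\Documents\ReadMe.hta",
     "Files Encrypted Need Decrypt ? Contact Us At : "
     "Nordteam@mail.ee OR Nordtalk@tutanota.com"),
    (r"C:\Users\amy\Documents\EXAMPLE-ID ReadMe.txt",
     "Our Email Address: Nordteam@mail.ee"),
    (r"C:\Users\amy\Documents\q3.xlsx.k9Tz", None),
    (r"C:\Users\amy\Documents\scan.pdf.Qm4x", None),
    (r"C:\Tools\app\Project ReadMe.txt", "Build instructions"),  # benign look-alike
    (r"C:\Tools\app\notes.pdf", None),
]

if __name__ == "__main__":
    for folder, found in triage(SAMPLE).items():
        print(folder, found)
```

Requiring both a confirmed note and renamed files in the same directory keeps ordinary 'ReadMe' files and unrelated double extensions from raising a finding on their own.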
