Norvas Ransomware

Norvas Ransomware is yet another ransomware threat emerging on the Web. It is a variant of the popular STOP Ransomware; in fact, it is the 67th discovered variant of this ransomware threat. Cybercriminals see creating such ransomware threats as a low-effort, high-reward initiative. They slightly alter the code of the original threat and create their own version to target and scam regular Internet users for their own profit.

It is believed that the creators of Norvas Ransomware spread it via fake update requests, emails containing infected attachments, and bogus pirated software. If the authors of Norvas Ransomware succeeded in tricking you into giving them access to your system, your PC would be quickly scanned, and the threat will recognize the data it will target. Usually, that is most of the common file types such as .mp4, .mp3, .jpg, .docx, .pptx, .mov, .png, .gif, etc. Norvas Ransomware would then proceed to encrypt these files and thus render them unusable. Upon encryption, Norvas Ransomware adds its extension - '.norvas.' This would mean that if you had a file called 'swamp.png' it Norvas Ransomware would rename it to 'swamp.png.norvas.' The next step is for Norvas Ransomware to drop its ransom note, which goes by the name '_readme.txt.' In the note, the authors do not specify the sum they demand, but they provide the victim with an email address where they could contact the attackers – vengisto@india.com.

It is not a good idea to contact cyber criminals like the ones behind Norvas Ransomware. They are very likely to simply scam you out of your money and not provide you with the decryption tool promised no matter how much they may insist otherwise. The best approach would be to download a reputable anti-malware tool, which would clear your computer of Norvas Ransomware and then if you wish, you may attempt to recover some data using a file-recovery application.