Nosu Ransomware

Ransomware threats are one of the worst malware types a regular user can stumble upon. Threats of this class make sure to sneak into their target's system, locate the data of interest, and lock it securely using an encryption algorithm. The goal is to blackmail the users into paying a ransom fee in exchange for a decryption key that will help them recover their data. Among the most recent ransomware threats uncovered is the Nosu Ransomware. This data-encrypting Trojan belongs to the most active ransomware family of 2019 – the STOP Ransomware family.

Propagation and Encryption

It has not yet been uncovered how the attackers are propagating this ransomware threat. A majority of cyber crooks who distribute file-locking Trojans opt to rely on spam emails. This entails a fake message and a corrupted attachment being sent to the targeted user normally. The goal of the message is to persuade the targets to launch the macro-laced attachment that serves to compromise their PC. Torrent trackers, compromised advertisement campaigns, bogus updates, and downloads of popular software are some of the other used tricks when it comes to the distribution of ransomware threats commonly.

The Nosu Ransomware will lock all the data on the user's system. Rest assured that any documents, images, audio files, videos, spreadsheets, databases, and archives will be encrypted by the Nosu Ransomware securely. All files locked by the Nosu Ransomware will have their names altered. This file-encrypting Trojan appends a '.nosu' extension to the newly locked files. For example, a file named 'crimson-red.jpg' will be renamed to 'crimson-red.jpg.nosu' after the encryption process has been concluded.

The Ransom Note

The Nosu Ransomware also will drop a ransom note on the user's desktop. The ransom message of the attackers is contained in a file named '_readme.txt,' which is typical for threats that belong to the STOP Ransomware family. Users who manage to contact the creators of the Nosu Ransomware within 72 hours have to pay half the price of the original ransom fee - $490. However, for victims who fail to comply, and contact the creators of the Nosu Ransomware within the deadline, the ransom fee jumps to $980. To contact the authors of the Nosu Ransomware, the user has to email them - ‘helpmanager@firemail.cc' and ‘helpmanager@iran.ir.' The criminals state that they are willing to unlock one file free of charge to prove to the user that they are capable of reversing the damage done to their data.

Avoid contacting the authors of ransomware threats as they are honest rarely, and even if you pay the fee demanded, it is highly likely they will never deliver on their promises. Instead, you should consider investing in a reputable anti-malware solution that will not only remove the Nosu Ransomware from your computer but also will make sure you do not find yourself in a similar situation in the future.