
NOV Ransomware

A new ransomware threat belonging to the infamous and prolific Dharma Ransomware family has been detected in the wild. Called the NOV Ransomware, it seeks to breach users' computers and then initiate an encryption routine. As a result, files that were perfectly usable a moment earlier are suddenly rendered inaccessible. After locking users out of their own personal or business-related files, the hackers extort them in exchange for the tool needed to restore the data.

The NOV Ransomware drastically changes the names of the files it affects. The threat first appends an email address under the hackers' control to the original filename and then adds a new extension, '.NOV'. The email address is 'yourfiles1@cock.li'. Upon completing its encryption routine, the NOV Ransomware delivers its ransom note with instructions for the victims. To minimize the chances of affected users failing to notice the message, the threat delivers it in two separate forms: as text files named 'MANUAL.txt' and as a pop-up window.

The text in the files is extremely brief, simply telling victims of the ransomware threat to contact either the 'yourfiles1@cock.li' address or a second email at 'tcprx@tutanota.de'. The pop-up window offers some more clarity. It states that the secondary email address should be used only if the user receives no answer within 12 hours of contacting the first. It also contains various warnings, such as that attempting to decrypt the locked files with a third-party software tool could cause permanent damage and render the data unsalvageable.

The text delivered in the text files is:

'all your data has been locked us

You want to return?

write email yourfiles1@cock.li or tcprx@tutanota.de'

The ransom note displayed in the pop-up window is:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, write to the mail: yourfiles1@cock.li

If you have not answered by mail within 12 hours, write to us by another mail:tcprx@tutanota.de

!ATTENTION!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
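
The rename pattern and note name described above can be turned into a file-system triage check. The following is an added example, not part of the original article: it flags files whose names contain the appended address and end in '.NOV', and 'MANUAL.txt' files that mention either contact address. The function names and the bracketed filename in the constructed sample tree are assumptions, since the article does not give the exact separator format.

```python
import os
import tempfile
from pathlib import Path

# Indicators quoted in the article: the appended address, extension and note name.
RENAME_EMAIL = "yourfiles1@cock.li"
CONTACT_EMAILS = (RENAME_EMAIL, "tcprx@tutanota.de")
EXTENSION = ".nov"
NOTE_NAME = "manual.txt"

def is_renamed_file(name):
    """True if the name carries the appended address and ends in .NOV."""
    lower = name.lower()
    return lower.endswith(EXTENSION) and RENAME_EMAIL in lower

def is_ransom_note(path):
    """True if the file is named MANUAL.txt and mentions a contact address."""
    if path.name.lower() != NOTE_NAME:
        return False
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return any(email in text for email in CONTACT_EMAILS)

def scan(root):
    """Walk root; return (renamed_files, ransom_notes) as sorted relative paths."""
    renamed, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if is_renamed_file(name):
                renamed.append(rel)
            elif is_ransom_note(path):
                notes.append(rel)
    return sorted(renamed), sorted(notes)

def demo():
    """Scan a constructed tree; the bracketed separator format is an assumption."""
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root) / "docs"
        docs.mkdir()
        (docs / "report.docx.[yourfiles1@cock.li].NOV").write_bytes(b"\x00")
        (docs / "notes.txt").write_text("untouched")
        (docs / "MANUAL.txt").write_text("write email yourfiles1@cock.li or tcprx@tutanota.de")
        (Path(root) / "MANUAL.txt").write_text("printer setup manual")  # benign name collision
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Checking the note's content as well as its name keeps an unrelated 'MANUAL.txt' from being reported.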
