Npsg Ransomware

In 2019 the most active ransomware family was undoubtedly the STOP Ransomware family. Malware analysts had spotted over two hundred variants of this pest released in 2019 alone. It would seem that even in 2020, cyber crooks have not lost interest in the STOP Ransomware family as more and more copies are emerging. Among the newest variants of this threat is the Npsg Ransomware.

Propagation and Encryption

Most authors of ransomware rely on several commonly utilized infection vectors – spam emails containing macro-laced attachments, fake pirated copies of popular applications and media, malvertising campaigns, bogus software updates, and downloads, etc. It is likely that the authors of the Npsg Ransomware have opted to use one or several of these propagation methods to spread their data-locking Trojan. The Npsg Ransomware likely targets a wide range of filetypes in order to ensure maximum damage. The more files the Npsg Ransomware locks, the more likely it is for the victim to consider paying the ransom fee demanded. Rest assured that all your documents, audio files, spreadsheets, images, archives, databases, and videos will be securely encrypted. Once the Npsg Ransomware locks a file, it will also append a new extension at the end of the filename – ‘.npsg.’ This means that a file you had named ‘lucky-rat.mp4’ will be renamed to ‘lucky-rat.mp4.npsg.’ After the Npsg Ransomware locks your files, you will not be able to execute them.

The Ransom Note

After completing the encryption process, the Npsg Ransomware drops a ransom note on the user’s system. Just like most copies of the STOP Ransomware, the ransom note of the Npsg Ransomware is called ‘_readme.txt.’ In the note, there are several key points outlined:

• Initially, the ransom fee is $490.
• Users who fail to process the payment within 72 hours have to pay double the price - $980.
• To prove to their victims that they have a working decryption key, the attackers offer to unlock one file free of charge.
• The attackers demand to be contacted via email – ‘helpmanager@firemail.cc’ and ‘helpmanager@iran.ir.’

It is never good to get in touch with cybercriminals. Even users who decide to pay the ransom fee are often left empty-handed when the cyber crooks stop replying after receiving the money they demanded. It is far safer to download and install a genuine anti-malware tool that will remove the Npsg Ransomware from your computer. Next, you can try to recover some of your data with the help of a third-party file-recovery application. However, it is unlikely that you will be satisfied by the results.