NSB Ransomware

The NSB Ransomware is named after the "National Security Bureau" slogan shown to affected users. The NSB Ransomware is a file encoder Trojan that was reported on July 20th, 2018. The malware appears to pose as a message from China's National Security Bureau. The NSB Ransomware is known to apply an AES cipher to user-generated files and produce a screen locker message that includes the "National Security Bureau" slogan, but it should not be mistaken for a legitimate security alert. NSB Ransomware may be distributed to users with unlocked copies of otherwise paid software and game cracks. The malware may lurk in fake cheating engines for Epic's 'Fortnite' game and fake companion apps associated with Tencent's QQ platform. NSB Ransomware is reported to turn files into executables that launch the "National Security Bureau" Screen Locker. Images, text, audio, videos, and databases may retain their original appearance and appear in the file explorer with their default extensions, but the hidden file headers include commands to load the NSB Screen Locker when double-clicked. Affected users are shown a blue screen with white text on top that says:

'NATIONAL SECURITY BUREAU NSB
Your computer was automatically blocked. Reason: Pirated software found on this computer.
Your computer is now blocked. 184 files have been temporarily blocked on your computer. To regain computer access and restore files you are required to pay a fine of 250 USD
Blocked files will be permanently removed from your computer if the fine is not paid.
The NSB has two ways to pay a fine:
1. You can pay your fine online through BitCoin.BitCoin is available nationwide.
Click the tabs below to find the nearest vendor.
Your computer will be unlocked after you make your payment.
2. You can come to your provincial courthouse and pay your fine at the Cashiers window.
Your computer will be unlocked within 4-5 working days.
To regain access transfer bitcoins to the following address (click to copy): 1913tX7Nmil6o8qcTT2Uv9cSBVzN3oEozpv After the payment is finalized enter Transfer ID below.
Amount: BTC 0.661
Transfer ID: [random characters]
[PAY FINE|BUTTON]
If the fine is not paid, a warrant will be issued for your arrest, which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years.
Payment BitCoin Information Bitcoin Exchanges Bitcoin ATMs Internet Browser Notepad'

The threat actors may demand payment of 200 USD in Bitcoin (≈0.026 BTC at the time of research) in exchange for the necessary decryption program that would unlock your data. We have not received reports that suggest you can expect to receive a decryptor from the NSB Ransomware team if you transfer the requested amount of Bitcoin. Leading cybersecurity experts encourage users to use backup services to rebuild their files structure as opposed to complying with the terms proposed by Ransomware operators. Remove the NSB Ransomware using a trusted anti-malware product and take advantage of cloud storage services as a way to securely protect your data. AVs detect code associated with the NSB Ransomware and mark it with the following names:

BC.Win.Virus.Ransom-9157.A
BehavesLike.Win32.VirRansom.hc
PE_VIRLOCK.F
TR/Crypt.XPACK.Gen7
Virus ( 0040f99f1 )
Virus-Ransom.FileLocker
Virus.PolyRansom.Win32.1
Virus.Virlock.Gen.AAJ
Virus.Win32.PolyRansom.a
Virus/Win32.PolyRansom.a
W32/S-bcd1d305!Eldorado
Win32.Virlock.Gen.4
malicious.dc532a