The Nsemad Ransomware is a potent crypto locker threat that has been classified as belonging to the Snatch malware family. As s member of the Snatch malware family, Nsemad doesn't display significant modifications compared to the rest of the malware threats from this family. Nevertheless, Nsemad is powerful enough to cause significant damage if it manages to infiltrate a computer successfully.
The threat will leverage an uncrackable encryption algorithm to render all user files, both inaccessible and unusable, effectively. Only important systems files could be spared for Nsemad not to cause any critical system errors or crashes. All other file types will be encrypted - MS Office documents, PDFs, audio, video, photos, images, databases, etc. The names of all affected face will be changed to include '.nsemad' as a new extension. Instructions for the victims will be provided in text files named 'HOW TO RESTORE YOUR FILES.TXT.'
The ransom note dropped by the Nsemad Ransomware doesn't mention the exact sum that the hackers demand to receive from their victims. It is not clarified if the payment must be made using any of the numerous cryptocurrencies, either. Victims of the threat are instructed to establish contact by sending a message to the two provided email addresses - 'firstname.lastname@example.org' or 'John32Dillinger@seznam.cz.'
The ransom note reads:
'Hello! All your files are encrypted, and only we can decrypt them.
Contact us: email@example.com or John32Dillinger@seznam.cz
Write us if you want to return your files – we can do it very quickly!
The header of letter must contain extension of encrypted files.
We always reply within 24 hours. If not – check spam folder, resend your letter or try send letter from another email service (like protonmail.com).
Do not rename or edit encrypted files: you may have permanent data loss.
Do not edit or delete any virtual machines file
To prove that we can recover your files, we am ready to decrypt any three files (less than 1Mb) for free (except databases, Excel and backups).