Threat Database Ransomware NSMF Ransomware

NSMF Ransomware

By CagedTech in Ransomware

The NSMF Ransomware is an encryption ransomware Trojan that is based on HiddenTear, an open source ransomware platform that was released in the Summer of 2015. Since the release of HiddenTear, countless variants of its ransomware platform have been released, ranging from sophisticated threat campaigns to ransomware Trojans that could be seen as a prank or joke. The NSMF Ransomware is not a sophisticated threat. However, since it is based on HiddenTear, the NSMF Ransomware does carry out an effective encryption ransomware attack which will make its victims' files inaccessible.

How the NSMF Ransomware may Enter a Computer

PC security researchers advise computer users to take steps to protect their machines from the NSMF Ransomware and similar ransomware attacks, mainly through the use of a reliable security application and having backup copies of their files. Backups are extremely important because ransomware Trojans are designed to encrypt the victims' files, making them inaccessible, and then demanding the payment of a ransom from the victim to deliver the decryption key needed to recover the affected files. Having backups removes the con artists' leverage completely, preventing them from demanding ransom payments since computer users can simply recover the affected files from the backup copy.

The NSMF Ransomware may enter a computer after the victim opens a spam email attachment. These threats may often use social engineering techniques that involve tricking computer users into opening corrupted file attachments by disguising them as messages from legitimate companies such as banks, social media websites or online retailers. The file may be delivered by including a bad macro script inside an innocuous looking file, which takes advantage of vulnerabilities in the Windows operating system to install the NSMF Ransomware onto the victim's computer.

How the NSMF Ransomware Carries out Its Ransomware Attack

The NSMF Ransomware identifies the files encrypted in its attack with the file extension '.nsfm' and demands a large ransom of 5 BitCoins (approximately $13,000 USD at the current exchange rate) to recover the affected files. The NSMF Ransomware encrypts the victims' files using a combination of the AES and RSA encryptions, making the victims' files inaccessible. Once the NSMF Ransomware encrypts the files, it becomes impossible to recover the affected files without the decryption key, which the on artists hold in their possession. The NSMF Ransomware takes the victim's files hostage for ransom. The NSMF Ransomware, then, delivers a ransom note in the form of a text file, which is dropped on the infected computer. The NSMF Ransomware's ransom note is a file in TXT format named 'readme.tx,' which contains the following message:

'Files has been encrypted with NSMF (Nigga Stone My Files)
Send me 5 bitcoins or pizza
And I also hate night clubs, desserts, being drunk.

Responding to the NSMF Ransomware Ransom Note

There is no real guarantee that the people responsible for the NSMF Ransomware attack will deliver on their promise to help the victim recover the affected files. There is, in fact, no way for the victim to receive the decryption tool after making the payment, which is quite substantial (most ransomware Trojans demand payments between $500 and $1500 USD currently). Paying these ransoms is never a good idea, regardless of the amount. Paying them allows the con artists to continue producing threats like the NSMF Ransomware and claiming new victims. Instead, computer users need take preventive steps to ensure that their machines are well-protected against tactics like the NSMF Ransomware. The simple use of a backup system, coupled with a reliable invulnerable to attacks like the NSMF Ransomware. In fact, if enough computer users have backup copies of their files, these attacks would most likely disappear entirely.


Most Viewed