Nuclear Ransomware

The Nuclear Ransomware was first observed on August 28, 2017. The Nuclear Ransomware is an encryption ransomware Trojan designed to infect computers running the Windows operating system. The Nuclear Ransomware targets English-speakers and carries out a typical ransomware Trojan tactic, encrypting the computer users' files to demand a ransom payment in exchange for the decryption key. Apart from targeting computer users, the Nuclear Ransomware seems to also target small and medium sized businesses, as well as Web servers in its attack. The most common way of distributing the Nuclear Ransomware is through corrupted spam email attachments.

How the Nuclear Ransomware Tries to Extort PC Users

The Nuclear Ransomware is a variant of the BTCWare Ransomware, a known ransomware Trojan that had several new variants appearing in August 2017. There is little to differentiate the Nuclear Ransomware from other variants in its threat family. The Nuclear Ransomware uses the AES 256 encryption in its attack, targeting computer the user-generated files while keeping the victim's operating system functional. The Nuclear Ransomware will target photos, movies, audio, video, music, text files, and numerous commonly used file types. The files that are encrypted by the Nuclear Ransomware's attack will be renamed by adding the string '.[black.world@tuta.io].nuclear' to the end of the file's name. Once a file has been encrypted and renamed, it will no longer be accessible; the victim's software will not be able to open the file, and its contents will be corrupted. This is what makes threats like the Nuclear Ransomware so harmful particularly: even if the Nuclear Ransomware itself is removed with a reliable security program, the damage will already be done, and the victim's files will remain encrypted until the victim agrees to pay the ransom or deletes them and restores them from a backup copy.

The Nuclear Ransomware’s Ransom Message and Demands

The Nuclear Ransomware's ransom note demands the payment of a ransom in Bitcoins delivered to a particular Bitcoin wallet. The Nuclear Ransomware's ransom note is contained in an HTA file named 'HELP.hta' dropped on the infected computer's desktop. Avoid following the instructions contained in the Nuclear Ransomware's ransom note. Instead, computer users should restore their files from a file backup. This is because paying these ransoms allows these people to continue creating or paying for ransomware Trojan kits like the Nuclear Ransomware. Con artists also will rarely keep their word and deliver the decryption key or other means of recovery after the victims make the ransom payment. In fact, they may ask for even more money or target the computer users for further infections since they've already shown willingness to pay the ransom once. The following is the full text contained in the Nuclear Ransomware's ransom note:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail black.world@tuta.io
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The above ransom note is accompanied by an image of the Bitcoin logo and may be related to other content, depending on the variant infecting the victim's computer.

SpyHunter Detects & Remove Nuclear Ransomware