The Nulltica Ransomware is an encryption ransomware Trojan that is based on HiddenTear, an open source encryption ransomware platform that was first released in August 2015. Since HiddenTear was first released, it has spawned countless variants. The Nulltica Ransomware, one of the latest HiddenTear variants, was released in September 2017. The Nulltica Ransomware adds the file extension '.lock' to the affected files and displays a ransom note in a program window labeled 'information.' The Nulltica Ransomware demands a ransom of 50 USD, to be paid using Bitcoins. The Nulltica Ransomware will not restore the affected files to their original state, but will instead add the file extension '.unlock' after the payment has been made.

There's a Connection Between the Nulltica Ransomware and the Polski Ransomware

The Nulltica Ransomware is linked to another encryption ransomware Trojan released earlier in 2017 and known as the Polski Ransomware. One link between these two ransomware Trojans is that the Nulltica Ransomware also tries to collect Facebook login information and this threat seems to use social media as part of its distribution strategy. The Nulltica Ransomware drops a ransom note after encrypting the victim's files. This ransom note, displayed in a program window on the infected computer, delivers the following message to the victim:

'Your files have been blocked
Your files is encrypted (AES 256). You need a individual key to unlock your files.
Instruction how to unlock:
1. Create bitcoin wallet (coinbase, bitpay or any else)
2. Pay 50 usd to this wallet (bank card, transfer)
3. Send 50 usd (if you don't know how many usd = btc – calculate with this website http://www.coindesk(.)com/calculator/ – for now 50 usd = 0.02 BTC
4. Okay, now get your wallet address and put in on the left side, below 'If you already paid'
5. Click 'unlock and remove the program'
6. That's it.
Warning: If you already paid and you have information 'We don't have your payment yet', you must waiting.. (Usually max. 12h)
Pay 50 usd to this BTC address
If you already paid
Enter the bitcoin address which you sent
Unlock and remove the program'

Although the Nulltica Ransomware's ransom is relatively small compared to many other encryption ransomware Trojans, and there are some payment options, PC security researchers strongly advise against paying the ransom associated with the Nulltica Ransomware. It is very improbable that the con artists will restore the affected files to their normal state. Since the Nulltica Ransomware is a variant of HiddenTear, it is likely that the Nulltica Ransomware will encrypt various file types, which include:

.txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp.

One of the main reasons why the Nulltica Ransomware may try to obtain Facebook login data is that hijacked accounts are one of the main ways in which these con artists can spread threats like the Nulltica Ransomware: they will try to send corrupted links and content to the victim's Facebook friends.

Protecting Your Data from Threats Like the Nulltica Ransomware

The best protection against threats like the Nulltica Ransomware is to have file backups on the cloud or external devices. By keeping updated backup copies of your files, you can restore them quickly instead of having to consider paying the con artists. Since the Nulltica Ransomware uses a strong encryption method, it may not currently be possible to decrypt the affected files. The Nulltica Ransomware itself can be removed easily with the help of a reliable security program, though, even if the affected data cannot be restored. A combination of anti-malware software and file backups will protect you from threats like the Nulltica Ransomware completely.
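The following is an added example, not code from the original article or from any security vendor. Once the Trojan has been removed, it lists the files that carry the '.lock' or '.unlock' marker described above, skips ordinary lock files whose inner type is not on the list above, and reports which ones have a backup copy. It assumes the marker is appended to the original file name and that the backup mirrors the original folder layout; `original_name`, `triage` and the sample paths are hypothetical.

```python
from pathlib import Path

# File types the article lists as likely targets of this HiddenTear variant.
TARGET_EXTS = set("""
.txt .doc .docx .xls .xlsx .pdf .pps .ppt .pptx .odt .gif .jpg .png .db .csv
.sql .mdb .sln .php .asp .aspx .html .xml .psd .frm .myd .myi .dbf .mp3 .mp4
.avi .mov .mpg .rm .wmv .m4a .mpa .wav .sav .gam .log .ged .msg .myo .tax
.ynab .ifx .ofx .qfx .qif .qdf .tax2013 .tax2014 .tax2015 .box .ncf .nsf .ntf
.lwp""".split())
MARKERS = (".lock", ".unlock")  # suffixes the article attributes to Nulltica


def original_name(name):
    """Strip Nulltica markers; return the original name, or None if no match."""
    stripped = name
    # Assumption: markers are appended, possibly stacked (file.docx.lock.unlock).
    while stripped.lower().endswith(MARKERS):
        stripped = stripped[: stripped.rfind(".")]
    if stripped == name:
        return None  # no marker present
    # Benign lock files (yarn.lock, Gemfile.lock) have no targeted inner type.
    return stripped if Path(stripped).suffix.lower() in TARGET_EXTS else None


def triage(root, backup_root):
    """Return (marked file, original path, status) for each affected file."""
    root, backup_root = Path(root), Path(backup_root)
    report = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        orig = original_name(path.name)
        if orig is None:
            continue
        rel = path.relative_to(root).with_name(orig)
        # Assumption: the backup tree mirrors the layout under root.
        status = "restorable" if (backup_root / rel).is_file() else "no_backup"
        report.append((path.relative_to(root).as_posix(), rel.as_posix(), status))
    return report


if __name__ == "__main__":
    # Hypothetical locations: scan the current folder against ./backup.
    for marked, orig, status in triage(".", "backup"):
        print(f"{status:10} {marked} -> {orig}")
```

Files reported as no_backup are the ones to keep copies of in case a decryption tool becomes available later.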


