Nusar Ransomware

Cybersecurity researchers have come across a new ransomware threat recently. This new data-encrypting Trojan is named Nusar Ransomware, and when dissected, it revealed that it is a variant of the infamous STOP Ransomware.

It is not yet known how the authors of the Nusar Ransomware are spreading it. However, some believe that the propagation methods employed may include mass spam email campaigns, faux software updates, and infected pirated copies of legitimate applications. A scan will be performed as soon as the Nusar Ransomware manages to gain access to a computer. This is done to detect the locations of the files, which the Nusar Ransomware has been programmed to go after. To cause maximum damage, it is likely that the Nusar Ransomware targets all sorts of files – documents, audio and video files, pictures, databases, etc.

When the Nusar Ransomware locks a file, it applies a ‘.nusar’ extension to the name of the encrypted file. For example, a file, which was named ‘hey-jude.mp3’ initially will be renamed to ‘hey-jude.mp3.nusar,’ and you will no longer be able to play it. Following the pattern of almost all ransomware threats that belong to the STOP Ransomware family, the Nusar Ransomware will drop a ransom note named ‘_readme.txt.’ The note is not very detailed, and the attackers do not mention a specific sum, regarding the ransom fee. They provide the user with an email address where they expect to be contacted – ‘gorentos@bitmessage.ch.’

Authors of ransomware are not trustworthy individuals. They often claim that as long as you pay up, they will recover all your data. This is rarely the case, however. Once you pay them, they have no incentive to bother delivering on their promises. This is why you should not give cash to cybercriminals particularly. A safer approach is to download and install a legitimate anti-spyware software suite and use it to wipe the Nusar Ransomware off your PC.