
NW24 Ransomware

By GoldSparrow in Ransomware

The Dharma family of ransomware is one of the most populous and dangerous. The ransomware has once again appeared on the world stage with a new variant. This new version of Dharma encrypts files with a ".NW24" file extension to make them inaccessible. As such, this latest addition to the family has been dubbed NW24 Ransomware.

What is NW24 Ransomware?

The NW24 ransomware encrypts files on a computer and displays a ransom note explaining how victims can restore their data. The virus falls under the Dharma family of ransomware, which includes several of the worst ransomware around. Malware researchers discovered the latest strain and warned users about it.

The ransom note displayed by NW24 is shown below:

Don’t worry,you can return all your files!
If you want to restore them, follow this link:email YOUR ID –
If you have not been answered via the link within 12 hours, write to us by e-mail:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

And the text document called FILES ENCRYPTED.txt states:

all your data has been locked us
You want to return?
write email or

You should never pay the ransom demand under any circumstances. The criminals behind NW24 want you to pay them in return for them restoring your files, much like with other ransomware viruses. However, there is no evidence that the attackers live up to their end of the bargain. There is, however, plenty of evidence that they won’t. Paying the ransom is a risk you don’t want to take.

The NW24 ransomware may establish persistence on a computer, meaning that it runs every time you start Windows, by altering the Windows registry. The encrypted files have their extension changed to ".NW24" to make them inaccessible. The new file name also includes the unique identifier number for the victim, allowing attackers to keep track of who they are talking to. The virus targets images, videos, music, documents, banking data, and backups.

NW24 may delete the Shadow Volume Copies of data on your computer, which makes it more difficult to restore data without an external backup.
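
To scope an infection, the two file-system artifacts named above (the ".NW24" extension and the FILES ENCRYPTED.txt note) can be swept for without opening or changing any file. The following is an added example, not code from the original article; the function names and the report layout are assumptions made for illustration, and the oldest modification time is only an approximation of when encryption began.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_EXT = ".nw24"              # extension named in the article
NOTE_NAME = "files encrypted.txt"    # text note named in the article


def sweep(root):
    """Walk root and collect NW24 artifacts; files are never opened or modified."""
    per_dir = defaultdict(int)   # directory -> number of .NW24 files
    notes = []                   # paths of ransom-note text files
    earliest = None              # oldest mtime among encrypted files
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()     # match regardless of case
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue         # unreadable or vanished; still counted
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {
        "encrypted_total": sum(per_dir.values()),
        "per_directory": dict(per_dir),
        "notes": sorted(notes),
        "earliest_mtime": earliest,
    }


def format_report(result):
    """Render the sweep result as plain text for an incident ticket."""
    lines = [f"encrypted files: {result['encrypted_total']}",
             f"ransom notes:    {len(result['notes'])}"]
    if result["earliest_mtime"] is not None:
        ts = datetime.fromtimestamp(result["earliest_mtime"], tz=timezone.utc)
        lines.append(f"earliest encrypted-file mtime (UTC): {ts.isoformat()}")
    # Most affected directories first, to show where backups are needed most.
    for d, n in sorted(result["per_directory"].items(), key=lambda kv: -kv[1]):
        lines.append(f"{n:6d}  {d}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    print(format_report(sweep(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted copy or a read-only share where possible, so the sweep itself does not alter timestamps that may matter later.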

How Does NW24 Spread?

Like most ransomware, NW24 has several potential infection vectors. The virus may be spread through a payload dropper, which runs the script that installs the virus. This payload dropper is distributed through several different means, such as hiding in torrent files and malspam emails. Freeware is a common source of malware, as criminals disguise their viruses as legitimate programs.

One thing to note about this ransomware is that the source code for Dharma has been offered on hacking forums for around $2,000. This means that anyone can buy the source code and use it as they want. Dharma will likely continue to be developed so that it continues to sell.

How to Protect Against Ransomware Attacks

One of the most important things you can do to protect against malicious programs is not to download and install software through unofficial websites and installers, third-party downloaders, and peer-to-peer networks such as torrent sites. You should always use official channels to get your software and avoid using pirated software. Illegal software is packed with "cracks" that activate the software. More often than not, these tools install malware instead of, or along with, activating the software. Programs and operating systems should be updated whenever possible, but make sure these updates come from official channels.

You should avoid interacting with website links and attachments in emails sent from suspicious and unknown addresses. There is the chance that these emails have been sent by cybercriminals to spread their malicious programs and catch you in a trap.

Last but not least, you should keep an antivirus program on your computer. Make sure this program is updated regularly with all the latest virus databases, detection, and removal methods. Be sure to run a virus scan regularly to detect infections like ViluciWare to keep your computer safe.
