
NxRansomware Ransomware

By GoldSparrow in Ransomware

The NxRansomware Ransomware is a ransomware Trojan that can be used to encrypt the victim's files and then demand the payment of a ransom. The NxRansomware Ransomware was released for 'educational purposes,' although previous releases with a similar purpose have backfired spectacularly, allowing countless ransomware Trojans to be released in the wild.

Another 'Educational and Research Purposes' Project Going Wrong

The NxRansomware Ransomware was released for 'educational and research purposes.' Unfortunately, some of the most destructive ransomware Trojans available today were originally based on ransomware Trojans created for similar purposes. Some known examples include EDA2 and Hidden Tear, both of which have spawned countless ransomware variants. Releasing these ransomware Trojans publicly puts open source code in the hands of fraudsters and, in most cases, it is very simple for these people to take the 'educational ransomware' and modify it to create destructive threats that can be responsible for thousands of attacks. The NxRansomware Ransomware project page on GitHub includes the following message, which outlines the purpose of the NxRansomware Ransomware project:

'This code is created and maintained only for a research proposal. Please do not use for other purposes.
Please, do not run the code with a release profile. It can be seriously dangerous. Really!
This project has 2 main objectives:
Malware Side
- Prove that it's possible to write a viable "product" using the .Net Framework
- Prove that it is hard and painful for anti-virus to detect this kind of virus
- Understand the execution environments
- Understand the technical challenges to create a real and operational ransomware
- Provide code and samples to AV companies and Security researchers
C&C (Command and Control) Side
- Build a state of the art C&C system, using the latest technologies to prevent the backend hijack and invasion
- Create a viable, safe and secure communication channel between the malware and C&C infrastructure without using SSL certificates
- Build a reversion proof C&C database system, using an in-memory storage and advanced cryptographic algorithms'

How the NxRansomware Ransomware can Spawn Numerous Copycats

Since the release of this project, the source code has been forked 13 times, and it has been copied countless times. Con artists will be able to weaponize the NxRansomware Ransomware to create commercial ransomware that can claim real victims online. The NxRansomware Ransomware has only recently caught the attention of the computer security community. One aspect of the NxRansomware Ransomware that is particularly threatening is that it is written using Microsoft's .NET Framework, which is included with Windows 10 and present on most recent computers running Windows. This means that the NxRansomware Ransomware can run its attack on most computers and minimize detection. This technique is not as common and has only been observed in a handful of established ransomware Trojans.

Preventing the NxRansomware Ransomware Attacks

The NxRansomware Ransomware's initial release runs as 'GoogleUpdate.exe' and can hijack various file associations to bypass the User Account Control prompt. Malware analysts suspect that the NxRansomware Ransomware will spawn a new wave of ransomware Trojans, since it puts this code in the hands of more inexperienced threat developers, making threat development more accessible and simpler to carry out. This makes it important to ensure that your computer is well protected against the NxRansomware Ransomware and similar attacks. Computer users should back up all files and use a security product that is fully up-to-date to protect their computers. If one were to predict the number of ransomware Trojans based on the variants spawned by similar projects such as Hidden Tear or EDA2, the outlook is not particularly bright, since each of these 'educational' ransomware Trojan projects spawned countless variants that have caused immeasurable damage to computer users around the world.
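
One way to triage endpoint telemetry for the two behaviours named above, a process called 'GoogleUpdate.exe' and changes to file associations, shown as an added example that is not code from this page or from the NxRansomware project. The event field names, the expected install directories and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: directories where a machine-wide Google updater is normally installed.
# Per-user installs live under the user's profile; add those paths if you deploy them.
EXPECTED_DIRS = {
    r"c:\program files (x86)\google\update",
    r"c:\program files\google\update",
}

# Per-user file-association handlers: <classes root>\<type>\shell\<verb>\command
ASSOC_HANDLER = re.compile(
    r"^(HKCU\\Software\\Classes|HKU\\[^\\]+\\Software\\Classes|HKU\\[^\\]+_Classes)"
    r"\\[^\\]+\\shell\\[^\\]+\\command$",
    re.IGNORECASE,
)

def is_misplaced_updater(image):
    """True when a binary named GoogleUpdate.exe runs outside the expected directories."""
    path = ntpath.normcase(image)
    return (ntpath.basename(path) == "googleupdate.exe"
            and ntpath.dirname(path) not in EXPECTED_DIRS)

def is_assoc_handler_write(key):
    """True when a registry write targets a per-user file-association command."""
    return ASSOC_HANDLER.match(key) is not None

def triage(events):
    """Return (event index, finding) pairs for the two behaviours."""
    findings = []
    for i, ev in enumerate(events):
        if is_misplaced_updater(ev["image"]):
            findings.append((i, "updater-name-outside-expected-dir"))
        if ev["type"] == "registry" and is_assoc_handler_write(ev["key"]):
            findings.append((i, "per-user-association-handler-write"))
    return findings

# Constructed sample events (hypothetical field names, not from a real incident).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"},
    {"type": "process", "image": r"C:\Users\alice\AppData\Roaming\GoogleUpdate.exe"},
    {"type": "registry", "image": r"C:\Users\alice\AppData\Roaming\GoogleUpdate.exe",
     "key": r"HKCU\Software\Classes\examplefile\shell\open\command"},
    {"type": "registry", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"},
]

if __name__ == "__main__":
    for index, finding in triage(SAMPLE_EVENTS):
        print(index, finding, SAMPLE_EVENTS[index]["image"])
```

Legitimate software also registers per-user handlers, so the second finding is a lead to correlate with the first rather than a verdict on its own.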

