Nyx Ransomware
Nyx is a ransomware that encrypts files and appends the victim's ID, an email address ('datasupp@onionmail.com' or 'recoverdata@msgsafe.io'), and the '.NYX' extension to filenames. The Nyx Ransomware also drops a 'READ_ME.txt' file containing its ransom note. The ransom note instructs victims to contact threat actors via email with their provided ID if they want to restore their files. Victims can send up to three files for free decryption before paying for data decryption.
The ransom note also warns victims not to try recovering their files using any third-party software, as it may permanently damage the data. The attackers threaten that files will be leaked on various forums if victims refuse to contact them, revealing that they are using double-extortion tactics as part of the threatening operation. The Nyx Ransomware is particularly threatening because it uses strong encryption algorithms, which makes it difficult for victims to recover their data without reaching out to the cybercriminals.
The Nyx Ransomware Exerts Additional Pressure on Victims
Double extortion tactics, such as the ones employed by the threat actors behind Nyx Ransomware, are becoming a common feature of ransomware attacks. This involves the threat actors not only encrypting the victims' data but also exfiltrating sensitive information and threatening to leak it publicly if the impacted organizations or users do not pay the ransom. This creates an additional incentive for victims to pay up, as they risk having their confidential data exposed if they do not comply with the attackers' demands. Double extortion tactics are particularly effective because they increase the pressure on victims to pay up quickly and can be used in combination with other techniques, such as social engineering or phishing attacks.
The full text of the ransom note dropped by Nyx Ransomware is:
'if you are seeing this, it means all of your files have been encrypted and uploaded by Nyx Ransomware
but you don't need to be worry about your files you can take back all of them in case of a corporation and following instructions step by step
Otherwise, we can assure you that you won't see your files again.Use these emails to contact us and receive instructions :
Main email: datasupp@onionmail.com
Secondary email ( in case of no response in 48h) : recoverdata@msgsafe.io
Use the following ID as the title of your email: -
Remember, if you try to recover your files through any third-party software, it can cause premature damage to your files, and we can't help you either.
Also, you can send up to 3 test files to see if we can decrypt your files.
After a while, if we don't receive an email from you, we will leak all of your files and documents in different forums.
Besides, be aware of all those middleman services out there; they will waste your time and money.'
