NZMR Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 13,287
Threat Level: 100 % (High)
Infected Computers: 72
First Seen: July 13, 2017
Last Seen: June 20, 2023
OS(es) Affected: Windows

According to our PC security analysts, the NZMR Ransomware was first observed in early summer of 2017. The NZMR Ransomware seems to be a variant of EDA2, an open source ransomware platform that has spawned numerous encryption ransomware variants. The most common way in which the NZMR Ransomware is delivered to victims is through corrupted Microsoft Word files, which use malicious macro scripts to download and install the NZMR Ransomware onto the victim's computer. These files may be delivered using spam email messages, which use social engineering tactics to trick inexperienced computer users into infecting their computers with the NZMR Ransomware. Because of this, learning how to handle spam email and email attachments safely is an important precautionary step that can help prevent NZMR Ransomware infections.

Although a Very Ordinary Threat, the NZMR Ransomware can Cause a Lot of Harm

After the NZMR Ransomware enters a computer, it reports the attack to its operators and begins its encryption attack. There is little to differentiate the NZMR Ransomware from many other ransomware encryption Trojans out there, and the NZMR Ransomware is identical to the various known variants of EDA2. During its attack, the NZMR Ransomware will use a strong encryption algorithm to make the victim's files inaccessible, then it will change the infected computer's desktop image into a ransom note, which is used to demand a ransom payment from the victim. The NZMR Ransomware establishes a connection with its Command and Control servers using TOR to remain anonymous. The NZMR Ransomware's ransom note image is hosted on Imgur and is downloaded from there onto the victim's computer.
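The behaviours described above can be correlated per host from endpoint telemetry. The following is an added example, not part of the original article: the event schema, process names and sample events are constructed, and it assumes the payload runs as a descendant of the Word process that opened the document.

```python
from collections import defaultdict

OFFICE = {"winword.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
WALLPAPER = r"hkcu\control panel\desktop\wallpaper"  # per-user wallpaper value

def descends_from_office(pid, parents, images):
    """Walk the parent chain; True if any ancestor is an Office process."""
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
        if images.get(pid) in OFFICE:
            return True
    return False

def detect(events):
    """Return {host: stages} for hosts where an Office descendant shows all three stages."""
    parents, images, stages = defaultdict(dict), defaultdict(dict), defaultdict(set)
    for e in events:  # assumed to be in time order
        host, pid = e["host"], e["pid"]
        if e["type"] == "process_create":
            parents[host][pid] = e["ppid"]
            images[host][pid] = e["image"].lower()
        if not descends_from_office(pid, parents[host], images[host]):
            continue
        image = images[host].get(pid)
        if e["type"] == "process_create":
            stages[host].add("office_child")
        elif e["type"] == "dns_query" and image not in BROWSERS:
            q = e["query"].lower()
            if q == "imgur.com" or q.endswith(".imgur.com"):
                stages[host].add("imgur_fetch")  # ransom image download
        elif e["type"] == "registry_set" and e["key"].lower() == WALLPAPER:
            stages[host].add("wallpaper_change")
    return {h: sorted(s) for h, s in stages.items() if len(s) == 3}

SAMPLE = [  # constructed events, not real telemetry
    {"host": "pc1", "type": "process_create", "pid": 100, "ppid": 1, "image": "WINWORD.EXE"},
    {"host": "pc1", "type": "process_create", "pid": 200, "ppid": 100, "image": "payload.exe"},
    {"host": "pc1", "type": "dns_query", "pid": 200, "query": "i.imgur.com"},
    {"host": "pc1", "type": "registry_set", "pid": 200,
     "key": r"HKCU\Control Panel\Desktop\Wallpaper"},
    {"host": "pc2", "type": "process_create", "pid": 300, "ppid": 1, "image": "chrome.exe"},
    {"host": "pc2", "type": "dns_query", "pid": 300, "query": "i.imgur.com"},
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Requiring all three stages from one Office-descended process tree keeps ordinary Imgur browsing and user-initiated wallpaper changes from alerting on their own.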

How the NZMR Ransomware Carries out Its Attack

Like other encryption ransomware Trojans, the NZMR Ransomware will make the victim's files inaccessible. The NZMR Ransomware will encrypt the victim's files, then demand that the victim pay a ransom to recover the affected files. The people responsible for the NZMR Ransomware attack demand that the victim email the con artists at sporter4499(at)protonmail.com to recover the affected files. Victims of the NZMR Ransomware attack are instructed to pay a ransom equivalent to $500 USD in Bitcoins. The text of the NZMR Ransomware ransom note, which is displayed on the victim's Desktop, reads:

'YOUR COMPUTER IS HACK
ALL FILE THIS COMPUTER IS CRYPT
IF YOU WANT TO RECOVER YOUR FILES BEFORE THEY ARE REMOVED. YOU HAVE 24 HOURS TO SEND $ 500 TO THE DIRECTION OF BITCOIN THAT IS INDICATED BELOW:
ADDRESS: 1Dh6zY9U1V3XJELDh8hQdox3eR765XyR4H
ONCE YOU MAKE THE SENDING CONTACT BY EMAIL TO THE SOGUIENTE ADDRESS:
E-mail: sporter4499@protonmail.com
PROVIDE YOUR DATA FOR THE RECOVERY OF LOCKED FILES
THANK YOU VERY MUCH
TEAM NZMR'

PC security researchers have monitored the Bitcoin Wallet associated with the NZMR Ransomware and have found that, to date, no payments have been made to the people responsible for the NZMR Ransomware attack. Due to the use of an open source ransomware platform and the poor wording of the NZMR Ransomware's ransom note, it is likely that the people responsible for the NZMR Ransomware are not particularly sophisticated or professional.

Protecting Your Computer from Ransomware Trojans Like the NZMR Ransomware

The best protection against ransomware Trojans like the NZMR Ransomware is to have a fully up-to-date security program and file backups. File backups are especially important when dealing with the NZMR Ransomware, because they allow computer users to recover their data quickly after an NZMR Ransomware attack. If computer users have the option of restoring the encrypted files from a backup copy, then the people who delivered the NZMR Ransomware attack lose their hold over the victim, who will no longer have any incentive to pay the NZMR Ransomware ransom. Apart from file backups and a reliable security program, education and learning how to spot and handle spam email tactics and potential threat infections are also crucial in reducing the number of NZMR Ransomware attacks.
