The Nakw Ransomware is a file-locking Trojan from the family of the STOP Ransomware. Although it can conduct other attacks, its primary symptoms involve stopping files from opening by encrypting them. Users should ignore any ransom demands from this threat, recover through backups, and let their anti-malware services uninstall the Nakw Ransomware.
The Next Number in Software Extortionists
Ransomware-as-a-Service remains, at least theoretically, profitable, as criminals are continuing the act of hiring out customized variants from families like the Scarab Ransomware, the Dharma Ransomware and the STOP Ransomware. A new release in the latter group is targeting users in the Philippines, which is part of the family's traditional 'stomping grounds.' Malware researchers also confirm that current decryption freeware doesn't work on this Trojan, dubbed the Nakw Ransomware.
The Nakw Ransomware, build '0177,' uses a two-part encryption method for blocking files, like many of the other RaaS families that it competes with during its campaign. The first half uses a non-dynamic, AES algorithm, but the second, RSA portion, may use an internal or externally-downloaded one. Users who disconnect from the Internet immediately may keep the Nakw Ransomware from securing its encryption with the dynamic key and, therefore, have slightly better chances of recovering any files.
The Nakw Ransomware targets media formats according to its familial blacklist, including Word and Notepad documents, various pictures, space-compressed archives, audio and others. While it uses a similar encryption method to other Trojans from its family (see also: the Djvu Ransomware, the Bora Ransomware, the Peta Ransomware, the Nasoh Ransomware, and more), it marks them with different extensions. In this Trojan's case, it appends 'nakw' strings at the end of filenames.
Sending Islander Trojans Back Out to Drift
The Philippines geotargeting of the Nakw Ransomware's campaign is also a potential thematic tie in its name, which highly resembles the Filipino word for 'stealth.' Since file-locking Trojans like the Nakw Ransomware will either conduct attacks via totally-hidden, background memory processes or generate fake update pop-ups for disguises, the theme is an appropriate one. Ordinarily, users have few or no symptoms between the installation of a STOP Ransomware member and its encryption attacks.
While there are poor odds of detecting the Nakw Ransomware by eye, malware experts can recommend users saving secure, non-locally-stored backups for totally mitigating its encryption feature. The Nakw Ransomware remains threatening potentially despite this precaution, however. It may download Mimikatz and other spyware, block your Web browser through the Hosts settings and transfer system data over to its C&C server. Attacks by the Nakw Ransomware are easily checked by users not taking unwise chances with their media, but at least one victim saw fit to gamble. The cost is more than just a ransom, unfortunately, since admins for Trojans like the Nakw Ransomware don't always keep their side of any bargains.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Nakw Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.