Nasoh Ransomware

Posted: August 16, 2019

The Nasoh Ransomware is a file-locking Trojan that can keep your digital media from opening. Besides encrypting your work, the Nasoh Ransomware changes the files' extensions, removes Windows backups, and delivers ransom notes with its payment demands for the unlocker. Let your anti-malware solutions remove the Nasoh Ransomware as soon as it's detected and use non-local backups for any recovery needs.

The STOP Ransomware Plague Takes More Victims

Southeast Asia remains besieged by the Ransomware-as-a-Service family known as the STOP Ransomware (or Djvu Ransomware, after one of its early variants). A recently caught member of this family is appearing in the wild in multiple nations in that part of the world, including India, Indonesia and the Philippines. Its victims are begging for assistance, but their odds of recovering anything that the Nasoh Ransomware locks aren't very favorable.

The Nasoh Ransomware's family uses encryption to hold the files of infected PCs hostage, so that the user's documents, pictures, music and other content can't open. The rental-based family uses AES encryption, which is a worldwide favorite among file-locking Trojans, along with RSA for securing it. If the Nasoh Ransomware experiences C&C connection disruption during its attack, it may not download the online version of the RSA key, which gives victims a better chance of 'unlocking' their files with a public, freeware decryptor.

The Nasoh Ransomware also generates a ransom note 'readme' file, which offers a premium decryptor from the attacker. Malware experts recommend against paying the fee, which is an unreliable solution, or interacting with links contained in these documents, which may endanger your computer. There also are cases of STOP Ransomware variants downloading spyware, which raises the chances of infections precipitating a loss of login credentials.

Shrinking a Growing Family's Extortion Potential

Since encryption is readily available and reversing it is often an impossibility, users with files worth paying to restore should implement precautions before an infection happens. Although Windows saves Shadow Volume Copy-based backups by default, the Nasoh Ransomware can delete this data with CMD commands. Similar capabilities are extant through other members of the STOP Ransomware family, such as the Coharos Ransomware, the Mtogas Ransomware, the Novasof Ransomware and the Tocue Ransomware.
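
As an added illustration (not part of the original article or any vendor tooling), the following Python detection logic flags process-creation records whose command lines delete Volume Shadow Copies. The article does not name the exact commands, so the vssadmin and wmic patterns, the pipe-delimited log format and the sample records are assumptions constructed for this example.

```python
import re

# Built-in Windows tools that can delete Volume Shadow Copies. Assumption: the
# article only says "CMD commands"; these are the utilities defenders usually
# watch for, not commands confirmed for this particular sample.
PATTERNS = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b"),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\b.*\bdelete\b"),
}

def normalize(cmdline):
    """Undo cmd.exe cosmetic noise (carets, quotes, extra spaces, case)."""
    cleaned = cmdline.replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip().lower()

def parse_event(line):
    """Parse one 'time|host|parent|cmdline' record (constructed log format)."""
    time, host, parent, cmdline = line.split("|", 3)
    return {"time": time, "host": host, "parent": parent, "cmdline": cmdline}

def detect(lines):
    """Return one alert per process-creation record that deletes shadow copies."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        text = normalize(event["cmdline"])
        for rule, pattern in PATTERNS.items():
            if pattern.search(text):
                alerts.append({"rule": rule, **event})
                break
    return alerts

# Constructed sample records; hosts, paths and times are invented for the demo.
SAMPLE_LOG = [
    r"2019-08-16T10:02:11Z|WS-014|C:\Users\a\AppData\Local\Temp\upd.exe|cmd.exe /c vssadmin delete shadows /all /quiet",
    r'2019-08-16T10:02:12Z|WS-014|C:\Windows\System32\cmd.exe|"C:\Windows\System32\wbem\WMIC.exe"  shadowcopy delete',
    r"2019-08-16T10:05:40Z|WS-020|C:\Windows\System32\cmd.exe|VSS^ADMIN.exe  Delete   Shadows /for=C:",
    r"2019-08-16T10:07:03Z|SRV-02|C:\Windows\System32\svchost.exe|vssadmin list shadows",
    r"2019-08-16T10:09:55Z|SRV-02|C:\Program Files\Backup\agent.exe|wmic shadowcopy call create Volume='C:\'",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert["time"], alert["host"], alert["rule"], "parent=" + alert["parent"])
```

The listing and snapshot-creation records are left alone, so routine backup activity does not raise alerts; only the deletion commands do.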

The Nasoh Ransomware is version 1.45 of its family, which is recent, albeit not the latest build. Along with backing up their work, users should update security solutions for identifying the Nasoh Ransomware accurately. They also can avoid traditional infection vectors like e-mail attachments and torrents. Malware experts also highly recommend that server administrators never use default passwords or leave RDP indiscriminately accessible.

Free decryptors have some chance of recovering encrypted files, although this solution isn't a certainty. Regardless, users should uninstall the Nasoh Ransomware with a trusted anti-malware tool ASAP to prevent further encryption attacks.

The Nasoh Ransomware is getting a significant foothold throughout the Asian Web. Whether that growth correlates with making money is in the hands of those whom it's extorting.