Nbes Ransomware

Posted: December 16, 2019

The Nbes Ransomware is a file-locking Trojan that can keep documents and similar media from opening by converting them into encrypted versions. As a component of the STOP Ransomware family, it conforms to that group's norms concerning its extortion practices and premium decryption solution. Users can back their work up as a reasonable precaution and use anti-malware utilities for deleting the Nbes Ransomware before it strikes.

There's no STOP-ping this Trojan Train

The STOP Ransomware, a family well regarded among criminals for how easily it makes a professional extortion campaign available, is one of the most rapidly reproducing Trojan groups of the year, right alongside competitors like the Scarab Ransomware and the Globe Ransomware. The attacks of the codnat1 Ransomware, the Horon Ransomware, the Rectot Ransomware, and the Blower Ransomware offer reasonable evidence of the family's standard operating procedure, but there's an even newer case to examine: the Nbes Ransomware.

Confirmation of this variant comes through a Russian AV researcher, although the STOP Ransomware family operates worldwide and tends towards targeting random victims in Asian island nations. It uses a standard Registry entry-based persistence exploit to set itself up and run its encryption attack, which it preferably reinforces with code downloaded from its C&C server. If it can't contact the server, for whatever reason, it can still lock files, but does so with a built-in RSA failsafe.

Besides locking content such as documents, databases, music, or pictures, the Nbes Ransomware adds its name's 'Nbes' string into their names, deletes (or tries to delete) the Restore Points through CMD commands, and creates a TXT ransom note. Users should ignore the ransom demands until testing their other recovery options, and malware experts suggest backing up content to other devices as the best safeguard.
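The file-side symptoms described above (a burst of files gaining the 'Nbes' string, with a TXT note appearing beside them) can be triaged from a file-activity log. The following Python sketch is an added example, not code from this article or from any vendor; it assumes the string is appended as a `.nbes` extension, and the event tuples, paths and note file name are constructed sample data.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

MARKER = ".nbes"  # assumption: the 'Nbes' string is appended as an extension

# Constructed sample: (epoch seconds, path of a created or renamed file)
SAMPLE_EVENTS = [
    (1000, r"C:\Users\ana\Documents\budget.xlsx.nbes"),
    (1002, r"C:\Users\ana\Documents\notes.docx.nbes"),
    (1003, r"C:\Users\ana\Documents\photo.jpg.nbes"),
    (1004, r"C:\Users\ana\Documents\note_to_user.txt"),  # hypothetical note name
    (1005, r"C:\Users\ana\Music\song.mp3"),
    (5000, r"C:\Users\ana\Desktop\old.pdf.nbes"),
    (9000, r"C:\Users\ana\Desktop\todo.txt"),
]

def triage(events, window=60, threshold=3):
    """Return directories where >= threshold marked files appeared within `window` seconds."""
    marked, texts = defaultdict(list), defaultdict(list)
    for ts, path in events:
        p = PureWindowsPath(path)
        suffix = p.suffix.lower()
        if suffix == MARKER:
            marked[str(p.parent)].append(ts)
        elif suffix == ".txt":
            texts[str(p.parent)].append((ts, p.name))
    findings = []
    for directory, stamps in marked.items():
        stamps.sort()
        start = 0
        best = (0, None, None)  # (count, first_ts, last_ts) of the densest burst
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, stamps[start], ts)
        if best[0] < threshold:
            continue  # a lone marked file is not treated as a burst
        # TXT files created around the burst are candidate ransom notes
        lo, hi = best[1] - window, best[2] + window
        notes = sorted(name for ts, name in texts[directory] if lo <= ts <= hi)
        findings.append({"directory": directory, "burst": best[0], "candidate_notes": notes})
    return sorted(findings, key=lambda f: f["directory"])

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The window and threshold are tuning values chosen for the sample; a real deployment would feed the function from file-audit or EDR telemetry.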

Shutting Down a Crime Family's Payday

Ransomware-as-a-Service operations like those of STOP Ransomware can be creative and variable in their distribution techniques. Since each variant can be under the 'management' of a different criminal, there isn't necessarily any consistency between two campaigns from the same family. As a rule, though, the STOP Ransomware tends towards randomly victimizing vulnerably configured networks or acquiring system access through unsafe downloads.

The latter infection vector can include torrented media, such as a fake download of a popular movie, or a more business-like disguise, such as an e-mail-attached invoice. Users can ignore illicit or suspicious download links, or scan them with appropriate security tools before opening them. Malware researchers also encourage using secure passwords, updating server software, and disabling scripts while browsing the web.

While unlocking files for free is rarely possible in STOP Ransomware infections, most anti-malware programs will not give the Trojan a chance to encrypt anything. Such security solutions can delete the Nbes Ransomware automatically, as with other members of the RaaS.

Even at the end of the year, victims aren't disincentivizing the STOP Ransomware's mobster-like business enough for variants to come to a stop. The Nbes Ransomware, like so many Trojans before it, is an endless memo of the lazy and non-secure nature of most people's file storage.