
Neras Ransomware

Posted: June 20, 2019

The Neras Ransomware is a file-locking Trojan from the STOP Ransomware family, a Ransomware-as-a-Service that hires itself out to other threat actors. The Neras Ransomware can block different media types on your computer, remove backups, and solicit ransoms for its help with recovering your files. Having appropriate backup strategies in place will preserve your data, and most anti-malware programs are adept at removing the Neras Ransomware and its relatives.

African Kingdoms under Assault by Hired Software

North Africa isn't the most high-traffic location for threat actors capturing files for money, but file-locker Trojans' campaigns can be exploitative and may seek out vulnerabilities to abuse wherever they find them. The Neras Ransomware is one of the few Trojans of this kind that's acquiring victims inside the Kingdom of Morocco, although its family, the STOP Ransomware or Djvu Ransomware, trends towards indiscriminate border-crossing behavior. Its version isn't confirmable yet, but malware analysts estimate that it's beyond the 1.0 version signaled by the Muslat Ransomware.

The Neras Ransomware's family includes numerous variants with version differences, including the Boston Ransomware, the Hrosas Ransomware, and the Promock Ransomware, none of which belong to the same build. Similarly to its relatives, the Neras Ransomware attacks the user's local media with an AES encryption mechanism that can use offline or online securing methods, and only the former has a hope of compatibility with free recovery software. The 'neras' extension that it adds onto the files' names and minor differences in its ransom notes are the only significant differences between the Trojan and its ancestors.

Optionally, the Neras Ransomware may drop other threats on the system, along with taking your files hostage. At the moment, malware experts only verify the feature's use with a version of AZORult. This spyware can collect the user's browser history, cryptocurrency wallet passwords, and other credentials, thus forming a secondary profit stream for the threat actors.

Fighting Back against the Trojans Sabotaging Your Browser and Files Alike

The meaning behind the Neras Ransomware's name is as murky as that of the Norvas Ransomware and most of the other 2019 campaigns from its RaaS, and users shouldn't rely on these titles for determining what nations or nationalities are at risk. The Neras Ransomware infections, in addition to all the prior security dangers, will try to wipe the Windows backup information to safeguard their extortion plan, and may even block some websites. Fortunately, the latter is easily repairable by resetting the Hosts file.
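Before resetting the Hosts file, it helps to record what was changed and how many files carry the 'neras' extension. The following is an added example, not code from the original article or from any vendor tool; it assumes the website blocking is done with Hosts entries pointing real hostnames at loopback or 0.0.0.0 (the article does not say which sites or addresses are used), and the sample entries are constructed.

```python
import ipaddress
from pathlib import Path

# Default Windows location of the Hosts file.
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input; the hostnames are placeholders, not real indicators.
SAMPLE_HOSTS = "\n".join([
    "# Constructed sample, not taken from an infected machine",
    "127.0.0.1 localhost",
    "::1 localhost",
    "127.0.0.1 updates.av-vendor.example",
    "0.0.0.0 forum.security-help.example www.security-help.example  # two names",
    "10.0.0.5 intranet.corp.example",
])

def suspicious_hosts_entries(text):
    """Return (line_no, ip, hostname) for names redirected to loopback or 0.0.0.0."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not an entry
        if not (ip.is_loopback or ip.is_unspecified):
            continue                             # ordinary static mapping
        for name in fields[1:]:
            if name.lower() not in BENIGN_NAMES:
                findings.append((line_no, str(ip), name.lower()))
    return findings

def locked_files(root, extension=".neras"):
    """List files under root whose names end with the appended extension."""
    return sorted(p for p in Path(root).rglob("*" + extension) if p.is_file())

if __name__ == "__main__":
    if HOSTS_PATH.exists():
        text = HOSTS_PATH.read_text(encoding="utf-8", errors="replace")
    else:
        text = SAMPLE_HOSTS                      # fall back to the constructed sample
    for line_no, ip, name in suspicious_hosts_entries(text):
        print(f"hosts line {line_no}: {name} -> {ip}")
    print(len(locked_files(Path.home())), "files with the .neras extension")
```

Run it from a clean account or recovery environment after the Trojan has been removed, and keep the output with the incident notes before restoring the default Hosts file.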

Some users may recover their files through free decryption programs with updates for the latest version of the STOP Ransomware. However, this cure is only possible by preventing the Neras Ransomware from connecting to its Command & Control server. Users who don't interrupt the connection before it retrieves its second encryption code will be incapable of unlocking (AKA decrypting) their media without the criminal's help.

Anti-malware programs from nearly all PC security companies, however, can identify the members of this family by default. Uninstalling the Neras Ransomware with anti-malware tools immediately, if one can't prevent infection, is the second-best course of action.

The Neras Ransomware is starting in Africa, but the STOP Ransomware will not stop at national borders. Anyone without backups, and especially anyone who habitually clicks on hostile files or uses careless server security practices, is placing themselves in danger.
