NGSC Ransomware

The Matrix Ransomware family is still being kept alive, and cybercriminals continue to add new members to it. One of the latest Matrix-based file-encryption Trojans is the NGSC Ransomware and, sadly, it has managed to cause damage to dozens of victims already by encrypting their files and attempting to extort them for money. The attack method that the NGSC Ransomware uses is a typical one – it encrypts a large portion of the victim’s files and then drops a ransom note that tells them that the recovery of their files will be completed as soon as they pay an unspecified ransom fee.

Just like other file-lockers, this one also uses a custom file extension to mark the names of all locked files – ‘.NGSC.’ It also drops a ransom note found in the file ‘!NGSC_INFO!.rtf,’ which tells the victim to message netganster@protonmail.com for further instructions. In addition to this, the ransom note also may contain a short description of the attack accompanied by a guide on how to purchase Bitcoins. We would not advise you to follow the instructions of the perpetrators, because they are anonymous cyber crooks who will not hesitate to scam you out of your money – many ransomware victims who agreed to pay the ransom sum have ended up losing both their money and their files.

The best thing to do if you are a victim of the NGSC Ransomware is to remember that you should not cooperate with the attackers even if you lost very important files – paying them money is a risky decision that may not provide you with anything in return. The suggestion is to run an anti-malware scanner to assist you with the removal of the NGSC Ransomware, and then try to take advantage of 3rd-party data recovery methods and tools.