NHLP Ransomware

Posted: July 6, 2020

File-lockers are threatening pieces of malware that harm the files on your computer by encrypting their contents. Unfortunately, reversing this process is often a nearly impossible task, and victims of ransomware attacks have to look into unreliable data recovery options such as purchasing a decryptor from cybercriminals. One of the latest file-lockers on the landscape is the NHLP Ransomware, and it appears to be a project based on the infamous Dharma Ransomware family. This is not good news, since the Dharma Ransomware is not compatible with free decryptors, and recovering the damaged files may be next to impossible.

The only reliable way to undo the harm that the NHLP Ransomware causes is to restore the locked files from a backup copy – if this option is not available to you, then we advise you to explore 3rd-party data recovery solutions, but keep in mind that the results they deliver may vary greatly.

The NHLP Ransomware's payload may be distributed via fake downloads, pirated software or games, bogus email attachments, and other popular malware distribution channels and tricks. If the NHLP Ransomware infects a computer successfully, it will make sure to encrypt files on all accessible hard drives and removable storage devices. To optimize the file encryption process, the NHLP Ransomware will go after specific files only – documents, images, videos, archives, databases, and other formats that are likely to be used on a daily basis. The ransomware also makes the locked files recognizable by using the '.id-<VICTIM ID>.[newhelper@protonmail.ch].NHLP' extension to mark their names.

The NHLP Ransomware ends the attack by performing the following tasks:

  • Delete Shadow Volume Copies that may be used to restore some of the lost files.
  • Disable the Windows System Restore and the Windows Recovery Environment.
  • Create the files 'FILES ENCRYPTED.txt' and 'info.hta'.
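The file extension and ransom note names described above are enough to triage a file listing from an affected machine. The following Python is an added example, not part of the original article or of any vendor tool; the function names `classify` and `triage` are hypothetical, the sample paths are constructed, and the victim ID is assumed to contain no dots or brackets because the article does not give its exact format.

```python
import re
from pathlib import PureWindowsPath

# Naming scheme from the article:
#   <original name>.id-<VICTIM ID>.[newhelper@protonmail.ch].NHLP
# Assumption: the victim ID has no dots or brackets (format not given on the page).
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]+)"
    r"\.\[newhelper@protonmail\.ch\]\.NHLP$",
    re.IGNORECASE,
)
# Ransom note file names listed in the article.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}


def classify(path):
    """Return ('locked', original_name, victim_id), ('note', name, None) or None."""
    name = PureWindowsPath(path).name
    m = LOCKED_RE.match(name)
    if m:
        return ("locked", m.group("original"), m.group("victim_id"))
    if name.lower() in NOTE_NAMES:
        return ("note", name, None)
    return None


def triage(paths):
    """Summarise a listing: locked files, victim IDs seen, ransom note locations."""
    report = {"locked": [], "victim_ids": set(), "notes": []}
    for p in paths:
        hit = classify(p)
        if hit and hit[0] == "locked":
            report["locked"].append((p, hit[1]))  # keep the pre-attack file name
            report["victim_ids"].add(hit[2])
        elif hit:
            report["notes"].append(p)
    return report


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-EXAMPLE01.[newhelper@protonmail.ch].NHLP",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"D:\archive\notes.id-draft.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The recovered original names give a list of what to restore from backup, and the set of victim IDs shows whether one or several infections touched the same share.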

The ransom notes that the NHLP Ransomware leaves behind tell victims to avoid trying 3rd-party data recovery tools, because they may end up damaging their files even further. The crooks advise victims to contact them by messaging newhelper@protonmail.ch or newhelper@cock.li, and be prepared to pay a ransom fee via Bitcoin.

Paying for the services of anonymous cybercriminals is a terrible idea, and you should not consider doing this. Instead, run an anti-malware service to help you remove the NHLP Ransomware, and then explore alternative file restoration options.