
Nlah Ransomware

Posted: June 2, 2020

The Nlah Ransomware is a file-locking Trojan that's part of the STOP Ransomware Ransomware-as-a-Service. The Nlah Ransomware stops your files from opening by encrypting them, blocks security websites, removes some backups, and conducts other attacks to sell its ransom service. Users should protect their work by securing and updating their backups, and should keep anti-malware solutions available for removing the Nlah Ransomware properly.

Becoming Another STOP on the Data-Blocking Train

Since its introduction to the wild in years past, the STOP Ransomware has been one of the fastest-growing families of file-locking Trojans. Like similarly-prominent Ransomware-as-a-Service entities, it depends on criminals hiring the file-locker Trojan and circulating it according to their preferences, with trivial distinguishing elements between concurrent campaigns. Another variant is showing that the family is going, and growing, stably for the summer months: the Nlah Ransomware.

The Nlah Ransomware follows the long-standing pattern of taking its name from the extension it adds onto every file that it blocks, a simple, four-character random string with no plain meaning. The Nlah Ransomware may contact its Command & Control server before locking files to download a 'secure' key, or use an internal, static one for situations where its connection fails. In either case, it succeeds in blocking most media types on the infected Windows computer, such as documents, databases and pictures.

Users should further beware of side effects from all threats that come from the Nlah Ransomware's family, which includes Trojans as new and old as the Covm Ransomware, the Pezi Ransomware, the Nacro Ransomware or the Dutan Ransomware. The Nlah Ransomware will attempt the deletion of the Shadow Volume Copies or the Restore Points and block websites related to PC security by changing their domain mappings in the Hosts file. The latter is easily correctable, even by users without much computer experience, but the encryption that the Nlah Ransomware uses for blocking files is, usually, totally secure.
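As an added example (not part of the original article or of any vendor tool), this Python check audits a Hosts file for the kind of mappings described above: names pointed at a loopback or unspecified address become unreachable, and names pointed elsewhere are redirected. The `*.example` domains in the sample are constructed placeholders, not domains known to be targeted by this family, and the function and constant names are illustrative.

```python
import ipaddress
import sys

LOCAL_NAMES = {"localhost"}  # names expected to resolve to the local machine

# Constructed sample input: every *.example name is a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       av-vendor.example www.av-vendor.example
0.0.0.0         forum.security-help.example
203.0.113.7     updates.av-vendor.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for each non-default mapping."""
    findings = []
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            sinkholed = addr.is_loopback or addr.is_unspecified
            if name in LOCAL_NAMES and addr.is_loopback:
                continue                        # the normal localhost entry
            verdict = "blocked" if sinkholed else "redirected"
            findings.append((line_no, str(addr), name, verdict))
    return findings

if __name__ == "__main__":
    # Pass a path (on Windows: C:\Windows\System32\drivers\etc\hosts) or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for finding in audit_hosts(content):
        print(*finding, sep="\t")
```

Review flagged entries before deleting them, since administrators and ad-blocking tools also add Hosts entries on purpose.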

Taking Another Route to Saving Files

The Nlah Ransomware creates text messages that are identical to the notes of other STOP Ransomware variants, which 'sell' its decryption offer to the victims. Although the RaaS includes a detailed procedure for buying unlocking help, there can be no guarantee, lawful or otherwise, that victims will receive what they pay for. Backing up one's work to devices that the Nlah Ransomware can't access and lock is an absolute necessity for this file-locker Trojan and the hundreds of others that occupy the same category.

The Nlah Ransomware also includes some risk of data theft, albeit not directly through its payload. The Trojan family may accompany AZORult or other spyware that specializes in collecting passwords and related login credentials. In most scenarios, threat actors take this information for ransoming network-connected systems, but they also may sell it or conduct other attacks.

Users should look for any vulnerabilities in their file-downloading habits, e-mail interactions, and Web-browsing behavior, which may instigate infections. As a last resort, skilled anti-malware products will delete the Nlah Ransomware and other STOP Ransomware Trojans.

The Nlah Ransomware changes nothing about its ransoming demands, payload, or other characteristics worth noting as a Trojan. This stagnant development is a warning that the threat actors feel no pressure to adapt, which, in turn, shows that their victims aren't taking attacks as seriously as they should.
