
NM4 Ransomware

Posted: April 26, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 65
First Seen: April 26, 2017
Last Seen: April 23, 2018
OS(es) Affected: Windows

The NM4 Ransomware is an updated version of the R Ransomware, a Trojan that locks the victim's files with an encryption algorithm before redirecting the victim to a ransom-collecting website. Decoding any files this threat locks may be difficult or impossible, and malware experts recommend backing up content to prevent this Trojan from gaining any leverage. Standard anti-malware protocols can also assist with removing the NM4 Ransomware or stopping its install routine.

Weeks Later, a File Recovery Hoax Finally Has a Brand Name

The R Ransomware began its campaign as a relatively standard file-encrypting threat, using AES encryption to stop victims from opening their files. Its most remarkable attribute, however, was not its payload but its accompanying website, which disguised its ransom demands as a technical support service. Its authors have apparently not given up on this tactic and are now re-branding it under the new name of the NM4 Ransomware.

The NM4 Ransomware still uses AES-256 encryption, which it protects from decoding with an additional RSA cipher. Unlike most file-encrypting threats, the NM4 Ransomware doesn't include a whitelist of files to encode; instead, it uses a blacklist that excludes critical locations. While this format does prevent the NM4 Ransomware from damaging the operating system, malware experts warn that it leaves wide ranges of other data formats open to being encrypted. The NM4 Ransomware also appends a '.NM4' extension, signifying the change in its brand label from the R Ransomware.
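
The '.NM4' renaming described above is something a defender can watch for in file-rename telemetry. The following is an added example, not code from the original page: the event format, threshold, time window and sample events are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

MARKER = ".nm4"  # extension the page says NM4 appends; compared case-insensitively

# Constructed sample rename events (timestamp, old path, new path); not real telemetry.
SAMPLE_EVENTS = [
    ("2017-04-26T10:00:00", r"C:\Users\a\Docs\q1.xlsx", r"C:\Users\a\Docs\q1.xlsx.NM4"),
    ("2017-04-26T10:00:01", r"C:\Users\a\Docs\notes.txt", r"C:\Users\a\Docs\notes.txt.nm4"),
    ("2017-04-26T10:00:02", r"C:\Users\a\Pics\photo.jpg", r"C:\Users\a\Pics\photo.jpg.NM4"),
    ("2017-04-26T10:00:03", r"C:\Data\db.sqlite", r"C:\Data\db.sqlite.NM4"),
    ("2017-04-26T10:00:04", r"C:\Users\a\report.doc", r"C:\Users\a\report_final.doc"),
    ("2017-04-26T10:30:00", r"C:\x\old.NM4", r"C:\x\archive.NM4"),
    ("2017-04-26T11:00:00", r"C:\Users\a\single.pdf", r"C:\Users\a\single.pdf.NM4"),
]

def is_marker_rename(old, new):
    """True only when the new name is the old name with the marker appended."""
    return new.lower() == old.lower() + MARKER

def find_bursts(events, threshold=3, window=timedelta(seconds=10)):
    """Return (start, end, count) for runs where >= threshold marker renames fall in `window`."""
    recent = deque()   # timestamps of marker renames still inside the window
    bursts = []
    active = None      # [start, end, count] of the burst currently being tracked
    for ts, old, new in sorted(events):   # ISO timestamps sort chronologically
        if not is_marker_rename(old, new):
            continue
        t = datetime.fromisoformat(ts)
        recent.append(t)
        while t - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            if active is None:
                active = [recent[0], t, len(recent)]
            else:
                active[1] = t
                active[2] += 1
        elif active is not None:
            bursts.append(tuple(active))
            active = None
    if active is not None:
        bursts.append(tuple(active))
    return bursts

if __name__ == "__main__":
    for start, end, count in find_bursts(SAMPLE_EVENTS):
        print(f"burst of {count} '.NM4' renames from {start} to {end}")
```

A single rename to '.NM4', or a file that merely keeps that extension while being renamed, does not trigger the rule; only a dense run of appended-extension renames does.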

The more notable aspect of the NM4 Ransomware's campaign is the local Web page it drops to deliver its ransom demands. The threat actors still disguise their TOR-based website as a promotion for a business's security services, encouraging the victim to pay the fee without necessarily understanding that the site's admins are responsible for the attack. Bitcoin continues to be the currency of preference, which could let them take the money, with no negative repercussions, without giving you any decryption help.

The Superior Choice to Depending on a Con Artist's Guarantee

Social engineering tactics are less distinct but still important parts of many ransom-based threat campaigns, which often provide misleading or false information to encourage fast payments. While the NM4 Ransomware's threat actors may or may not choose to provide full decryption services for paying 'customers,' their insistence on Bitcoins guarantees that they'll suffer no penalties from choosing not to do so. Backing your files up to a storage device or cloud server is the ideal method for recovering from all threats of this type, especially since malware analysts have yet to see evidence of the NM4 Ransomware's encryption routine breaking.

Con artists often compromise business sector servers with Trojans like the NM4 Ransomware by introducing them through e-mail attachments, or by brute-forcing an account's login credentials. In more personal cases than those attacking a company's network, victims could also mistakenly install this threat from a free software site or torrent. Strong network security practices and anti-malware protection can prevent this from happening or even remove the NM4 Ransomware before it starts its potentially lengthy encryption routine.

Believing everything you read on the Web is never a good idea. However, when it comes to anonymous websites promoted by Trojans of the NM4 Ransomware's caliber, doing so is an active recipe for emptying your bank account.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 1.54 MB (1549312 bytes)
MD5: d396b18740bf4951637cc088b24caad0
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 7, 2017

File name: file.exe
Size: 1.54 MB (1549312 bytes)
MD5: 69bf4135b1dc686406acd9124e344652
Detection count: 83
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 7, 2017

File name: file.exe
Size: 1.54 MB (1549312 bytes)
MD5: 4bf285474eb7175b53158d70f9ba755e
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 7, 2017

File name: file.exe
Size: 1.54 MB (1549312 bytes)
MD5: 85655540a87585854473ce505427ddc1
Detection count: 76
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 7, 2017