NM4 Ransomware
Posted: April 26, 2017
Threat Metric
The fields listed on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 65 |
| First Seen | April 26, 2017 |
| Last Seen | April 23, 2018 |
| OS(es) Affected | Windows |
The NM4 Ransomware is an updated version of the R Ransomware, a Trojan that locks your files with an encryption algorithm before redirecting you to a ransom-collecting website. Decoding any files this threat locks may be difficult or impossible, and malware experts recommend backing up content to prevent this Trojan from gaining any leverage. Standard anti-malware protocols can also assist with removing the NM4 Ransomware or stopping its install routine.
Weeks Later, a File Recovery Hoax Finally Has a Brand Name
The R Ransomware began its campaign as a relatively standard sample of a file-encrypting threat, using an AES cipher to stop you from opening your files. However, its most remarkable attribute was not its payload but its accompanying website, which disguised its ransom demands as fake technical support. Its authors apparently have yet to give up on this tactic and are even re-branding it under the new name of the NM4 Ransomware.
The NM4 Ransomware still uses an AES-256 encryption method that it protects from decoding with an additional RSA cipher. Unlike most file-encrypting threats, the NM4 Ransomware doesn't include a whitelist of files to encode; instead, it uses a blacklist that excludes critical locations. While this format does prevent the NM4 Ransomware from damaging the operating system, malware experts warn that it leaves wide ranges of other data formats open to being encrypted. The NM4 Ransomware also appends a '.NM4' extension, signifying the change in its brand label from R Ransomware.
The more notable aspect of the NM4 Ransomware's campaign is the local Web page it drops for delivering its ransom demands. Threat actors still disguise their Tor-based website as promoting a business's security services, encouraging the victim to pay the fee without necessarily understanding that the site's admins are responsible for the attack. Bitcoin continues to be the currency of preference, which could let them take the money, with no negative repercussions, without giving you any decryption help.
The Superior Choice to Depending on a Con Artist's Guarantee
Social engineering tactics are less distinct but still important parts of many ransom-based threat campaigns, which often provide misleading or false information to encourage fast payments. While the NM4 Ransomware's threat actors may or may not choose to provide full decryption services for paying 'customers,' their insistence on Bitcoins guarantees that they'll suffer no penalties from choosing not to do so. Backing your files up to a storage device or cloud server is the ideal method for recovering from all threats of this type, especially since malware analysts have yet to see evidence of the NM4 Ransomware's encryption routine breaking.
Con artists often compromise business sector servers with Trojans like the NM4 Ransomware by introducing them over e-mail attachments, or by brute forcing an account's login credentials. In more personal cases than those attacking a company's network, victims could also mistakenly install this threat from a free software site or torrent. Strong network security practices and anti-malware protection can prevent this from happening or even remove the NM4 Ransomware before it starts its potentially lengthy encryption routine.
Believing everything you read on the Web is never a good idea. However, when it comes to anonymous websites promoted by Trojans of the NM4 Ransomware's caliber, doing so is an active recipe for emptying your bank account.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

| # | File name | Size | MD5 | Detection count | File type | Mime Type | Group | Last Updated |
|---|---|---|---|---|---|---|---|---|
| 1 | file.exe | 1.54 MB (1549312 bytes) | d396b18740bf4951637cc088b24caad0 | 84 | Executable File | unknown/exe | Malware file | May 7, 2017 |
| 2 | file.exe | 1.54 MB (1549312 bytes) | 69bf4135b1dc686406acd9124e344652 | 83 | Executable File | unknown/exe | Malware file | May 7, 2017 |
| 3 | file.exe | 1.54 MB (1549312 bytes) | 4bf285474eb7175b53158d70f9ba755e | 82 | Executable File | unknown/exe | Malware file | May 7, 2017 |
| 4 | file.exe | 1.54 MB (1549312 bytes) | 85655540a87585854473ce505427ddc1 | 76 | Executable File | unknown/exe | Malware file | May 7, 2017 |
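As an added example (not part of the original write-up or of SpyHunter's tooling), the Python code below sweeps a directory tree for the indicators listed above: the four MD5 hashes with their shared file size, and files carrying the '.NM4' extension. The function and constant names are assumptions made for this illustration, and the demo tree is constructed.

```python
import hashlib
import os
import tempfile

# Indicators copied from the file details listed on this page.
NM4_MD5 = frozenset({
    "d396b18740bf4951637cc088b24caad0",
    "69bf4135b1dc686406acd9124e344652",
    "4bf285474eb7175b53158d70f9ba755e",
    "85655540a87585854473ce505427ddc1",
})
NM4_SIZE = 1549312        # bytes; all four listed samples share this size
LOCKED_EXT = ".nm4"       # extension the Trojan appends, compared in lowercase


def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, known_md5=NM4_MD5, size=NM4_SIZE):
    """Return (dropper_paths, locked_paths, unreadable_paths) under root."""
    droppers, locked, unreadable = [], [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().endswith(LOCKED_EXT):
                locked.append(path)      # encrypted victim file, not the binary
                continue
            try:
                # Size is a cheap pre-filter: only hash files of the listed size.
                if os.path.getsize(path) == size and md5_of(path) in known_md5:
                    droppers.append(path)
            except OSError:
                unreadable.append(path)  # in use or access denied: review by hand
    return sorted(droppers), sorted(locked), sorted(unreadable)


if __name__ == "__main__":
    # Constructed demo tree: no real sample is present, so no dropper is found.
    with tempfile.TemporaryDirectory() as tmp:
        open(os.path.join(tmp, "report.docx.NM4"), "wb").close()
        print(sweep(tmp))
```

An MD5 match identifies only these four exact builds, so a recompiled sample will not match; the '.NM4' hits show where encryption has already run and which backups need restoring.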