
Noblis Ransomware

Posted: December 14, 2017

Threat Metric

Threat Level: 1/10
Infected PCs: 66
First Seen: September 14, 2022
OS(es) Affected: Windows

The Noblis Ransomware (or, translated from Latin, 'Noble' Ransomware) is a file-locker Trojan that may keep you from opening different formats of media, such as documents, while it creates ransom-themed pop-ups. These ransom transactions don't always give the paying victim a decryption solution, and malware experts advise using backups or freeware decryptors when it's possible to do so. Since the Trojan intentionally places components in misleading locations, you should have your anti-malware products remove the Noblis Ransomware automatically while they scan the PC.

Another Python Lunging after Your Files

Since it's an easy-to-learn programming language with a gentler learning curve than Java or C++, Python has its share of threatening software as well as benevolent applications. Malware experts often see builds of file-locking threats written in this language, such as the Relec Ransomware, the PyCL Ransomware, the Pickles Ransomware, the PyL33T Ransomware and the HolyCrypt Ransomware. However, with many of them, such as the latest sample of the Noblis Ransomware, the payload is incomplete even though it is clearly intended to encrypt and block the victim's files.

The Noblis Ransomware is far from its distribution stage of development, although, by default, malware experts see ransom notes from this threat that extort money from Spanish-speaking regions like much of South America. The Trojan drops its files in a sub-directory of the user's temporary files before creating a mutex to register its installation. The Noblis Ransomware only runs its AES-based encryption attack, which blocks formats of media like pictures or documents, if the mutex isn't present. While the Noblis Ransomware also includes possible, future support for the RSA encryption of the decrypting code for restoring any blocked data, for now, malware experts observe it as being non-functional.

The Noblis Ransomware behaves differently when the mutex entry is in place and, instead, loads a pop-up message for the victim. The Trojan's ransom note uses formatting similar to that of other file-locking threats of diverse families and includes Spanish-based ransoming instructions, a timer, and Bitcoin credentials like a (currently non-valid) wallet address. The decryption module is built into the Noblis Ransomware, although there's no guarantee that paying will provoke a transfer of the required key.

Turning Down Nobility's Unfair Offer

The Noblis Ransomware's authors may be preparing their Trojan for the Ransomware-as-a-Service (RaaS) sector of the black market. Because the Trojan uses a separate, easily modifiable configuration file for determining details like the extensions on any blocked media (such as 'anyrun' or 'noblis') and the ransom-paying address, individuals could create their own variants of the Noblis Ransomware with almost no difficulty. This fact also makes it likelier than usual that the Noblis Ransomware could circulate via different exploits, such as spam e-mails, malvertising, exploit kits, or brute-force attacks against corporate networks.

Python software can run on most operating systems, including Windows, Linux and OS X. So far, malware experts are identifying only Windows-based installers, although, as noted previously, the Trojan's development is definitively incomplete. Having your anti-malware products automatically remove the Noblis Ransomware before it has the time to encode your files can prevent any encryption-related damage. Creating a regular, secure backup is also preferable for self-defense against all file-locker Trojans.

If it adheres to previous trends within its illicit industry, the Noblis Ransomware may be priming itself for ransoming cryptocurrency from Brazilian PC users. However, one should never underestimate the flexibility of plain-text configuration values for RaaS-styled threats, which may rework a single program like the Noblis Ransomware into a long-term danger to digitally stored media of all kinds.
