
NocryCrypt0r Ransomware

Posted: November 20, 2020

The NocryCrypt0r Ransomware is a file-locking Trojan and a variant of CryptoJoker Ransomware, an open-source project. The NocryCrypt0r Ransomware blocks the user's files with RSA-secured XOR encryption and includes some supporting features, such as changing extensions and delivering text ransom notes. Windows users can immunize their files from this extortion by securely saving backups and should have anti-malware solutions available for safely deleting the NocryCrypt0r Ransomware.

Just a Small Joke on Files, but No One's Laughing

An unknown threat actor is taking the supposedly 'educational' code of CryptoJoker Ransomware and deploying it as a variant, the NocryCrypt0r Ransomware. The NocryCrypt0r Ransomware recycles most of the ransom message and other features of old versions (see also the CryptoNar Ransomware, the B00m Ransomware, etc.). However, its ransom expectations are exceptionally modest and indicate a campaign focusing on home users.

The NocryCrypt0r Ransomware is a Windows .NET Framework Trojan, just like its ancestor, the GitHub CryptoJoker Ransomware project. It blocks files with an XOR-based encryption feature that includes the cosmetic appending of an unusual double extension ('partially.nocry') onto their names. After locking documents and other ransom-appropriate media, it drops a text note for the victim.

The NocryCrypt0r Ransomware's ransom note is one that malware experts also find on other versions of the CryptoJoker Ransomware and Hidden Tear. However, the threat actor updates the mostly generic instructions and warnings with a new wallet address and lowers the Bitcoin ransom to fifty Euros. Besides helping readers isolate its campaign to Euro-using regions of the world, this ransom is also interesting for being cheap and more appropriate for home PCs or small businesses than, for instance, a corporate network.

Laughing Off an Open-Source Trojan's Gags

Since malware researchers haven't verified that the NocryCrypt0r Ransomware deletes the Shadow Volume Copies, users might have the Restore Points available for recovering any files. Another alternative is using Michael Gillespie's free decryption tool, which is compatible with most versions in CryptoJoker Ransomware's small family. Users may also consider submitting new samples like the NocryCrypt0r Ransomware and related infection vector files to interested researchers for further research into any encryption updates or distribution exploits.

The NocryCrypt0r Ransomware's Bitcoin wallet currently has no transactions fitting its ransom demands. Victims should remember the dangers of paying extortionists, which include not necessarily receiving any data recovery assistance. Whether or not any blocked files are recoverable through a decryptor, users should always have backups on other storage devices and servers for safely recovering any valuable media.
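For scoping the damage before choosing a Restore Point or backup, the following added example (not part of the original article and not code from any tool it mentions) inventories files carrying the 'partially.nocry' extension and reports the time window in which they were last written. It assumes the extension is appended after a dot to the original file name and that a locked file's modification time approximates when it was encrypted.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Assumption: the Trojan appends this after the original name,
# e.g. report.docx -> report.docx.partially.nocry
LOCKED_SUFFIX = ".partially.nocry"


def find_locked_files(root):
    """Yield (path, original_name, mtime) for every file carrying the suffix."""
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            yield path, name[: -len(LOCKED_SUFFIX)], mtime


def summarize(root):
    """Return per-directory counts and the first/last modification times."""
    hits = list(find_locked_files(root))
    times = [t for _p, _n, t in hits]
    return {
        "total": len(hits),
        "per_dir": dict(Counter(os.path.dirname(p) for p, _n, _t in hits)),
        "original_names": sorted(n for _p, n, _t in hits),
        # Assumption: mtime of a locked file is roughly its encryption time.
        "first_locked": min(times) if times else None,
        "last_locked": max(times) if times else None,
    }


def _fmt(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat() if ts else "n/a"


if __name__ == "__main__":
    report = summarize(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"locked files: {report['total']}")
    print(f"window (UTC): {_fmt(report['first_locked'])} .. {_fmt(report['last_locked'])}")
    for directory, count in sorted(report["per_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{count:6d}  {directory}")
```

A Restore Point or backup dated before the reported window start is the candidate for recovery; the per-directory counts show which locations were affected.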

Users can limit possible infection exploits through several steps, including using strong passwords, disabling scripts while Web-browsing, avoiding illicit content and unofficial update resources, and being careful with e-mail attachments. Anti-malware services can't decrypt files, but most Windows security services will identify, block and delete the NocryCrypt0r Ransomware.

The harm that the NocryCrypt0r Ransomware causes corresponds precisely to the absence of data recovery solutions and security in any Windows PC that plays host to the Trojan. Since its campaign has no known profits, Windows users should do their best at keeping any future extortion attempts from succeeding in their aims at the expense of a stranger's files.
