NORD Ransomware Description
The NORD Ransomware is a file-locking Trojan that attacks the user's digital media files and stops them from opening. As part of the small family of the DarkCrypt Ransomware, it delivers ransom notes in HTA and TXT formats similar to previous members, changes files' extensions, and has no free unlocking solution. Windows users should keep backups to protect their files and let traditional anti-malware utilities delete the NORD Ransomware as they detect it.
Contrary to Name, It's Far More than Just a Nordic Computer Problem
The DarkCrypt Ransomware is a group of file-locker Trojans with far fewer variants than, for instance, the seemingly endless processions of Djvu Ransomware throughout the world's PCs. However, the family's small size isn't a measure of the risk of its attacks, which are equivalent to most Ransomware-as-a-Service style payloads in terms of blocking computer data. The NORD Ransomware is an update first detectable in late November, with definite similarities to ancestors like H@RM@ Ransomware.
The NORD Ransomware is still a Windows-based threat, requires the .NET Framework, and is quickly downloadable at less than a megabyte. The Trojan uses the family's encryption standard for blocking media files, such as documents, pictures, movies, or databases, by converting them into temporarily non-readable formats. This feature sets up the Trojan's extortion plan for reaping ransoms later.
Other symptoms from the NORD Ransomware's payload include the usual changes to files' names, such as adding extensions with victim IDs and the threat actor's e-mail, and the delivery of pop-up ransom notes in HTA and TXT formats. The former's formatting resembles other file-locker Trojan families' templates, such as the often-imitated Crysis Ransomware family. Users have no initial information on the ransom requirement for the criminal's file-unlocking help, a common negotiating tactic in these types of attacks.
However, there is no free decryption service for the NORD Ransomware's family, and users should invest in backups – especially non-local ones – for their data recovery needs.
Procuring an AV Solution from an Entirely Wrong Source
Malware researchers see similarities between the NORD Ransomware and the H@RM@ Ransomware that reach beyond the scope of the post-infection attacks. The earlier campaign by the older DarkCrypt Ransomware variant used the disguise of a Windows Defender update for its distribution tactic. Similarly, the NORD Ransomware pretends that it's a non-specific antivirus program. Windows users should remember that these themes are archetypal in drive-by-download attacks for delivering Trojans of all kinds. Verifying a downloaded file's domain, double-checking extensions, and scanning files before opening them are beneficial for evading fake updates and installers.
The DarkCrypt Ransomware family is notably smaller than most of the other encryption-based groups in the threat landscape. Even so, most anti-malware tools will detect and delete the NORD Ransomware as a threat without letting any files come to harm.
The NORD Ransomware's moral fable is an easily-understood one: be careful about the identity of a download, and don't trust brand names by default. Without confirming a file's identity before opening it, the consequences can be as dangerous as inviting a masked man into one's home.
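The checks recommended above (a download's source domain and its real extension) can be scripted. The following is an added example, not part of the original article or any vendor tool: it parses the Zone.Identifier record that Windows attaches to downloaded files and flags executables that hide behind a second extension or come from a host you did not expect. The trusted host, the extension lists, and the sample records are assumptions constructed for illustration.

```python
import configparser
from pathlib import PurePath
from urllib.parse import urlsplit

# Assumption: the only host you expect a security-product installer from.
TRUSTED_HOSTS = {"download.example-av.test"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".hta", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png", ".zip"}

def parse_zone_identifier(text):
    """Parse a Zone.Identifier stream into a dict (keys keep their case)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return dict(cp["ZoneTransfer"]) if cp.has_section("ZoneTransfer") else {}

def review_download(filename, zone_text):
    """Return a list of findings for one downloaded file; empty means no flags."""
    findings = []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return findings  # not an executable type, nothing to flag here
    # "invoice.pdf.exe" displays as "invoice.pdf" when Explorer hides extensions.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        findings.append("double extension hides an executable")
    zone = parse_zone_identifier(zone_text)
    host = urlsplit(zone.get("HostUrl", "")).hostname
    # ZoneId 3 is the Internet zone.
    if zone.get("ZoneId") == "3" and host not in TRUSTED_HOSTS:
        findings.append(f"executable from unexpected host: {host}")
    return findings

# Constructed sample records. On NTFS the real text can be read with
# open(path + ":Zone.Identifier").read().
UNTRUSTED = ("[ZoneTransfer]\nZoneId=3\n"
             "ReferrerUrl=https://files.example.net/\n"
             "HostUrl=https://files.example.net/AntivirusUpdate.pdf.exe\n")
TRUSTED = ("[ZoneTransfer]\nZoneId=3\n"
           "HostUrl=https://download.example-av.test/AntivirusSetup.exe\n")

if __name__ == "__main__":
    print(review_download("AntivirusUpdate.pdf.exe", UNTRUSTED))
    print(review_download("AntivirusSetup.exe", TRUSTED))
```

An empty result only means these two checks passed; the file should still be scanned before it is opened.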