
Nozelesn Ransomware

Posted: July 3, 2018

The Nozelesn Ransomware is a file-locking Trojan that may encrypt or corrupt your media and sell its unlocking service to you through ransoming messages. Its campaign focuses on, but is not exclusive to, the nation of Poland, and could be using spam e-mails for the Trojan's propagation. Keep spare backups of your files when possible, and always remove the Nozelesn Ransomware with a suitable anti-malware program upon its detection.

A Delivery You Weren't Expecting

A new file-locking Trojan is, relatively suddenly, being distributed in high numbers, with Polish PC users disproportionately affected by its attacks. These Nozelesn Ransomware infections use fake invoices for the Euro-centric DHL delivery company, sent through spam e-mails, to find new victims. Because of the rapidity of its deployment, malware experts and others within the cyber-security industry are still struggling to acquire confirmed samples of the Trojan and to analyze all the features within its payload.

Although the Nozelesn Ransomware may include other attacks not yet analyzed, it does use a typical, encryption-based routine for locking documents and other media formats throughout the PC's various directories. No users are reporting any damage to the operating system or other critical Windows components. However, workplace and recreational data may be locked, potentially permanently, through AES-256 or another encryption method. As is often the case with file-locking Trojans, malware experts connect the encrypted state of files to a new extension appended to their names ('example.gif.nozelesn').

The threat actors use local Web pages that the Nozelesn Ransomware creates to provide links to their ransom-processing site, which, as usual, takes advantage of TOR's anonymity protection. The seemingly functional website requires a custom ID for logging in, and processes one-tenth of one Bitcoin in exchange for a possible decryption service. Users with any alternatives should ignore the ransom demand and remain aware of the high chances of paying without seeing any benefits from doing so.

Paying the Price of an Improper Invoice

The extreme typicality of the Nozelesn Ransomware's current infection strategy doesn't preclude its threat actors from switching to other methods later, such as brute-forcing server logins or circulating fake torrents of games or movies. However, a majority of file-locking Trojan attacks take advantage of unsafe user habits, such as using inappropriate network passwords, opening file attachments recklessly, or enabling hazardous content like JavaScript or Word macros. Malware experts also caution that the Nozelesn Ransomware, as a very newly-confirmed threat, may include other features not yet verifiable with the current resources.

Backing up files to secure PCs or storage devices will give any victims the best recovery option for any encrypted media. Victims also should consider offering samples of non-critical locked data, and of the Trojan itself, to reputable cyber-security researchers to assist with decryption investigations. At the moment, any files that the Nozelesn Ransomware locks will be unavailable permanently, although professional anti-malware software should delete the Nozelesn Ransomware well in advance of its attack.
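For scoping recovery after an incident, the appended extension described earlier and the backup advice above can be combined into one inventory. The following is an added example, not code from the original article: it lists every file carrying the '.nozelesn' suffix and checks whether a backup copy of the original name exists, assuming the backup mirrors the affected tree's relative paths (the function names and sample tree are constructed for illustration).

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".nozelesn"  # appended extension reported on the page

def inventory_locked(affected_root, backup_root=None):
    """Return one record per file that carries the appended extension."""
    affected_root = Path(affected_root)
    records = []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            original = name[: -len(LOCKED_SUFFIX)]  # example.gif.nozelesn -> example.gif
            rel = (Path(dirpath) / original).relative_to(affected_root)
            # Assumption: the backup mirrors the affected tree's relative paths.
            backup = Path(backup_root) / rel if backup_root else None
            records.append({
                "original": rel.as_posix(),
                "type": Path(original).suffix.lower() or "(none)",
                "backup": backup if backup and backup.is_file() else None,
            })
    return records

def summarize(records):
    """Count locked files per original type and split them by backup coverage."""
    by_type = Counter(r["type"] for r in records)
    restorable = sorted(r["original"] for r in records if r["backup"])
    no_backup = sorted(r["original"] for r in records if not r["backup"])
    return dict(by_type), restorable, no_backup

def demo():
    """Run the inventory over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, bak = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (bak / "docs").mkdir(parents=True)
        (live / "example.gif.nozelesn").write_bytes(b"\x00" * 16)
        (live / "docs" / "report.docx.nozelesn").write_bytes(b"\x00" * 32)
        (live / "docs" / "notes.txt").write_text("untouched")
        (bak / "docs" / "report.docx").write_bytes(b"original")
        return summarize(inventory_locked(live, bak))

if __name__ == "__main__":
    print(demo())
```

The script only reads file names and never opens or modifies locked files, so it is safe to run against a mounted copy of the affected disk before cleanup.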

Risky behavior from the person at the keyboard is responsible for most file-locker Trojan infections. With no public solution for undoing the damage that the Nozelesn Ransomware causes, any Polish businesses should consider training their employees on e-mail security, if they haven't done so already.
