NSB Ransomware

The NSB Ransomware is a file-locking Trojan that displays warning screens pretending that its attacks are under the authorization of a fictitious National Security Bureau or NSB. This threat solicits its victims for Bitcoin payments in return for restoring their files and can impede access to the user interface. Disable its pop-up with traditional security techniques and let your anti-malware products delete the NSB Ransomware automatically before conducting any data recovery efforts.

Trojans Faking Police Action for Their Benefit

Old-fashioned, screen-locking Trojans are, almost entirely, being replaced by file-locking ones that accomplish a similar, extortion-based attack while providing more incentive to their victims. However, some Trojans, like the new the NSB Ransomware, continue maintaining the 'almost' in that statement by including both of these identifying features. The NSB Ransomware blocks the user's files, but also imitates a legal warning, although its threat actor isn't using the detailed iconography that malware experts associate with more thorough versions of these Trojans.

The NSB Ransomware's biggest significant from typical, file-locking Trojans like Hidden Tear or the Jigsaw Ransomware is its means of locking documents and other media on the computer. Instead of using an AES encryption technique, or placing them in an archive like the Unlock92 Zipper Ransomware, the NSB Ransomware converts the user's work into portable executable or PE files and inserts its polymorphic code. Launching the 'locked' file, then, re-launches the screen-locking pop-up feature from the NSB Ransomware's payload, in case the user ever closes it, in the first place.

The pop-up window for the NSB Ransomware claims that its attack is a punishment for the user's illicit use of pirated software, and asks for a Bitcoin payment for unlocking the files. This price converts to over five thousand USD, which is a ransom most appropriate to government and business sector networks, even though the tactic's theme is more relevant to casual PC users. Although the screen includes an interactive field for the ransom process, as always, paying has no guarantee of recovering any files.

The Security that Means Something to a Fake Burea

Tellingly, the NSB Ransomware conducts its ransoming communications in English, despite all of the nations that have official 'National Security Bureau' organizations not having it as their first language, such as Taiwan. Its threat actor may have little experience in the file-locker Trojan industry or could use English for guaranteeing that the NSB Ransomware is compatible with as many countries as possible. Due to the NSB Ransomware's unique file-locking feature, malware experts strongly encourage backing up all emotionally or monetarily-valuable data on your PC to other devices, which is the only way of confirming that you can restore anything that this threat attacks.

Threat actors using the same tactic in the NSB Ransomware's screen-locking feature, often, exploit fake downloads (such as torrents for pirated games and associated cracks or other, illicit utilities) for compromising the PCs of their victims. Besides its being a Windows-specific program, malware experts can offer no further details on the NSB Ransomware's distribution model. Anti-malware protection can both prevent infections and remove the NSB Ransomware afterward, but any converted files may not be recoverable.

The NSB Ransomware is a rarely-seen fusion of several features that malware researchers are unused to seeing from 2018's file-locking Trojan industry. As ever, however, knowing the difference between a real legal warning and a hoax is part of protecting all your possessions on your computer.