
Nvetud Ransomware

Posted: August 8, 2019

The Nvetud Ransomware is a file-locking Trojan from the Ransomware-as-a-Service known as STOP Ransomware or Djvu Ransomware. Infections can stop different files (documents, pictures, etc.) from opening, add extensions to their names, and erase backups. Victims can recover from non-local backups after deleting the Nvetud Ransomware with an appropriate anti-malware application.

The Middle Child of Data-Blocking Business Model

The STOP Ransomware is widely recognizable for both the breakneck speed of its version iteration and its preference for using fake downloads, like torrents, for gaining victims in India, the Philippines and Indonesia. While the Nvetud Ransomware, at version number 1.35, isn't the most recent Trojan from its family, it does offer an equally competent look at the risks of downloading Trojans by trafficking in illicit digital goods. The results are often an immediate detriment to your files.

The defining foundation of the Windows-based Nvetud Ransomware's payload is its encryption, which uses a baseline algorithm of AES and a secondary one of RSA for locking your digital media. The list of formats it targets can differ between STOP Ransomware builds. However, malware experts note a continuing endangerment of media like text documents, spreadsheets, music, movies, pictures and space-compressed archives.

Standard behavior for the latest versions of the Nvetud Ransomware's family includes a dynamic Command & Control server key for the RSA encryption. This feature is effective at blocking most unlocking solutions. Since the Nvetud Ransomware can also erase the Shadow Volume Copies or the Restore Points, users should always have backups on other devices that file-locking Trojans are incapable of attacking.

Strengthening Your Defenses against Trojans Bearing Locks

The STOP Ransomware family includes too many variants to list in full, although users may take note of the significant and superficial differences between members like the Boston Ransomware, the Cosakos Ransomware, the Guvara Ransomware and the Verasto Ransomware. Members have a general predisposition for targeting Southeast Asian nations, although the Middle East and even South America also appear in statistics of their victims. In all cases, users lose access to all the files that these Trojans, including the Nvetud Ransomware, encrypt and lock.

Safe browsing and file-downloading behavior can help users avoid infection attempts, such as fake torrents, that the threat actor hiring the Nvetud Ransomware may attempt. Establishing a backup that isn't on a vulnerable, internet-connected device will provide a further failsafe in cases where any content does experience encryption. Although Windows has the Shadow Volume Copies as default backups, the Nvetud Ransomware (and most other file-locking Trojans) will erase them.

Anti-malware programs can identify nearly all variants of the STOP Ransomware without many issues. As long as they're active and using up-to-date threat databases, your preferred anti-malware services should delete the Nvetud Ransomware immediately.

As another step in the ladder of the STOP Ransomware's evolution, the Nvetud Ransomware's most troublesome aspect is its possibility of targeting victims by means they're not expecting. It's never too soon to keep backups of your files, assuming that they're worth paying to save.
