
NW24 Ransomware

Posted: August 27, 2020

The NW24 Ransomware is a file-locking Trojan from the Dharma Ransomware family, a Ransomware-as-a-Service. Windows users with infections may find files not opening, missing backups, unusual extensions on files' names, or ransom-themed messages with skull and crossbones logos. Dedicated anti-malware programs will remove the NW24 Ransomware or stop its installation, and a robust backup plan counteracts most data loss issues.

Not Quite a Benign Helper of a Program

With an easy-to-use, kit-based RaaS model, the Dharma Ransomware is one of the most distributed and varied file-locking Trojan families as of 2020. Variants like the 2NEW Ransomware, the Beets Ransomware, the Devil Ransomware, the Xati Ransomware, and the NW24 Ransomware demonstrate its appeal to threat actors, and give Windows users all the more justification for routinely updating their backups. The NW24 Ransomware is, by far, the newest of these, with all samples for the variant dating to August.

As a conventional file-locker Trojan, the NW24 Ransomware's bread-and-butter feature is its secure data encryption, which uses AES and RSA algorithms for blocking files. It targets most popularly-used media formats, such as documents or images. It also makes the locked files easy for victims to identify by inserting its custom extension (and other ransom-related information, such as an ID string) into their names. Its family's less-intuitive features include using shell commands for disabling some Windows security features and deleting the Restore Points.
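For defenders, the recovery-tampering behaviour described above can be watched for in process-creation logs. The sketch below is an added example, not taken from any vendor's tooling. It assumes the event tuples and the rule set shown: built-in Windows utilities commonly abused to delete shadow copies and disable recovery, since the page does not name the exact commands this family runs.

```python
import re

# Assumed rule set: built-in Windows utilities commonly abused to remove
# recovery data. The page does not name the exact commands the family runs.
RULES = [
    ("vss_delete_vssadmin",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vss_resize_vssadmin",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("vss_delete_wmic",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("recovery_disabled_bcdedit",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("backup_catalog_deleted",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
]

def normalise(cmdline):
    """Undo simple cmd.exe obfuscation (carets, quotes, padding) before matching."""
    cleaned = cmdline.replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip()

def triage(events):
    """events: iterable of (host, parent_image, command_line) tuples.
    Returns one alert dict per event that matches at least one rule."""
    alerts = []
    for host, parent, cmdline in events:
        text = normalise(cmdline)
        hits = [name for name, rx in RULES if rx.search(text)]
        if hits:
            alerts.append({"host": host, "parent": parent,
                           "rules": hits, "command_line": text})
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ("WS-014", "explorer.exe", "notepad.exe C:\\Users\\a\\notes.txt"),
    ("WS-014", "cmd.exe", "vssadmin delete shadows /all /quiet"),
    ("SRV-02", "cmd.exe", 'cmd.exe /c v^ssadmin  Delete "Shadows" /All /Quiet'),
    ("SRV-02", "cmd.exe", "bcdedit /set {default} recoveryenabled No"),
    ("WS-020", "mmc.exe", "vssadmin list shadows"),  # read-only, must not alert
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["host"], alert["rules"], alert["command_line"])
```

Any hit on a workstation or file server is worth treating as high priority, since these commands rarely run outside planned maintenance.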

Although this Trojan family has two general ransom messages, neither lists a price or gives an interactive unlocking or decryption option. The attacker provides more ransom information through contact over his or her free e-mail addresses. In this case, the e-mails carry the theme or name of the NW24 Ransomware ('newhelper24') but show no tangible changes from recent versions of this family.

As always, victims of any attacks should exert every effort to avoid paying, since payment prolongs the Ransomware-as-a-Service business's potential lifespan.

Taking the Cheapest Help Out of a Trojan Ambush

Most Ransomware-as-a-Services offer encryption competent enough that decrypting the files without the custom key is impractical. As usual, the ideal recovery option for an NW24 Ransomware infection is a backup on another device that the Trojan can't delete. While the Dharma Ransomware family has a notable history of attacking business entities and their servers' contents via e-mail and other means, this past doesn't preclude the NW24 Ransomware from harming random users' Windows computers, too.

Besides saving a backup onto another server or detachable drive, users should remove elements contributing to a low-security environment. Running JavaScript or Flash on strange sites, downloading illicit torrents, enabling macros in documents, and opening e-mail attachments in out-of-date applications are strong examples of such elements. Responsible password selection is also invaluable for preventing both random and specific brute-force attempts.

Anti-malware products may block many drive-by-download exploit possibilities. Malware analysts also verify their ongoing potency against this family, and such programs should remove the NW24 Ransomware securely.

What software does isn't always reversible, and disinfecting a computer doesn't remove file-locking encryption. For a sure bet, anyone on Windows will want to put more stock in well-rounded backup solutions than in paying criminals' ransoms.
