
Nypd Ransomware

Posted: June 12, 2020

The Nypd Ransomware is a file-locking Trojan that's a member of a Ransomware-as-a-Service named STOP Ransomware or Djvu Ransomware (after one of its prominent variants). Threat actors deploy the Trojan as a means of blocking digital media and selling their ransom-based service for restoring it afterward. Users can protect themselves with backups for recovering their files for free and anti-malware services for catching and removing the Nypd Ransomware appropriately.

TMPs that aren't So Temporary

Trojans pretending to be something else are using a chameleon strategy that's often part of a Ransomware-as-a-Service's deployment plan. By dodging users' eyes with fake filenames and, in some cases, anti-malware products via more invasive methods, Trojans like the Nypd Ransomware buy just enough time to block precious files. The Nypd Ransomware campaign, a branch of the enormous STOP Ransomware or Djvu Ransomware family, shows that there is still power in using extensions that don't match a file's real format, even if it's one of the simplest tricks available.

The Nypd Ransomware's family is large enough that recounting a complete list is highly impractical, but some example relatives include the Grod Ransomware, the Jope Ransomware, the Meka Ransomware, the Pezi Ransomware and the Zwer Ransomware. After infiltrating a vulnerable Windows environment, the Nypd Ransomware attempts to connect with its Command & Control server to download a customized encryption key. If it fails, the Trojan falls back to a static one. In either event, the Nypd Ransomware proceeds with encrypting the user's media, such as documents, images, and other standard work and recreational formats.

The Nypd Ransomware is most identifiable as a member of its family through its text message: a ransom note with a very recognizable TOR link, a deadline, and a 'discount' on the ransom-based unlocking service. Malware experts recommend staying alert to the other risks of Nypd Ransomware infections, as per standard familial features:

  • The Nypd Ransomware may collect passwords and additional information with the AZORult spyware.
  • The Nypd Ransomware can delete the Shadow Volume Copies, and with them, the Windows Restore Points.
  • The Nypd Ransomware may distract users while the encryption is proceeding by creating a mock-up of a 'Configuring update for Windows' progress bar.

Most samples of the Nypd Ransomware use 'TMP' extensions (with variable filenames) for hiding their installers. This tag represents a temporary file format and can keep users from recognizing the new program until the Trojan finishes its installation and setup.

Long-Term Resolution for the Next TMP Trojan

The 'temporary' format misnomer is a favorite sleight-of-hand trick for file-locking Trojans, not just the Nypd Ransomware but also the Remk Ransomware, the Gero Ransomware and the Lotej Ransomware. Users can counter it easily by enabling fully-visible filename extensions, which erases the risk of downloading an executable that pretends to be something else.
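As an added example (not code from the original page), the following Python check looks for the mismatch described above: files carrying a TMP extension whose contents are actually a Windows PE executable. The sample directory, filenames and header bytes it builds are constructed for illustration only; the 'executable' is header bytes alone, not a working program.

```python
import os
import struct
import tempfile
from pathlib import Path
from typing import Iterable, List

DOS_MAGIC = b"MZ"        # start of every Windows executable's DOS header
PE_SIGNATURE = b"PE\0\0"  # marks the start of the PE header


def is_pe_executable(path: Path) -> bool:
    """Return True if the file has a DOS stub plus a valid PE signature,
    regardless of what its filename extension claims."""
    try:
        with path.open("rb") as fh:
            dos_header = fh.read(64)  # the DOS header is 64 bytes long
            if len(dos_header) < 64 or dos_header[:2] != DOS_MAGIC:
                return False
            # e_lfanew at offset 0x3C gives the PE header's file offset
            pe_offset = struct.unpack_from("<I", dos_header, 0x3C)[0]
            fh.seek(pe_offset)
            return fh.read(4) == PE_SIGNATURE
    except OSError:
        return False  # unreadable or vanished: nothing to flag


def find_disguised_executables(root: Path,
                               suspect_exts: Iterable[str] = (".tmp",)) -> List[Path]:
    """Walk `root` and return every file whose extension is in
    `suspect_exts` but whose contents are a Windows executable."""
    exts = {e.lower() for e in suspect_exts}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            candidate = Path(dirpath) / name
            if candidate.suffix.lower() in exts and is_pe_executable(candidate):
                hits.append(candidate)
    return sorted(hits)


def build_sample_dir() -> Path:
    """Constructed sample: one .tmp that is really a PE image (headers only)
    and one .tmp that is genuine scratch text. Filenames are hypothetical."""
    root = Path(tempfile.mkdtemp(prefix="tmp-scan-"))
    fake_pe = (DOS_MAGIC + b"\0" * (0x3C - 2)   # pad DOS header to e_lfanew
               + struct.pack("<I", 64)          # e_lfanew: PE header at offset 64
               + PE_SIGNATURE + b"\0" * 20)     # PE signature plus filler
    (root / "update_3f9a.tmp").write_bytes(fake_pe)
    (root / "editor_autosave.tmp").write_text("scratch data\n")
    return root


if __name__ == "__main__":
    for hit in find_disguised_executables(build_sample_dir()):
        print(f"extension/content mismatch: {hit}")
```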

The risks of Nypd Ransomware infections include losing most of the non-essential files on a compromised Windows system, the theft of login credentials, and other security issues. For a surefire counter to the former problem, malware experts recommend backing up files onto password-protected cloud services or even removable drives. Paying a decryption ransom also runs into the ever-present danger that the criminals won't be honest bargainers, whether or not they receive timely payments from their victims.

Since trustworthy anti-malware products generally remain effective against this file-locking Trojan's family, there is no reason to remove the Nypd Ransomware without their assistance. Uninstalling the threat should be followed by further steps, such as changing any passwords it may have collected.

The only way that the Nypd Ransomware makes money is by turning those without protection into its revenue sources. Any file that's worth a penny is worth preserving, and if its owner doesn't remember that, a Trojan like the Nypd Ransomware will.
