
NZMR Ransomware

Posted: July 13, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 169
First Seen: July 13, 2017
Last Seen: June 20, 2023
OS(es) Affected: Windows

The NZMR Ransomware is a Trojan based on EDA2 that locks your media with an encryption algorithm and solicits money through ransom messages. Unlike most threats of its category, the NZMR Ransomware delivers its demands through image files, although other details, such as the type of payment accepted, are conventional. While your anti-malware programs should find, block, and delete the NZMR Ransomware on sight, having backups can give users another layer of defense against these data-encrypting attacks.

Trojans Offering Ransoms without Grammar Lessons

Although it's not quite as widely used as the earlier Hidden Tear project, Utku Sen's EDA2 remains ripe for abuse by threat actors who want to add encryption to their attacks. One of the newer samples, the NZMR Ransomware, still bears the copyright date of the original program, but its author has given it at least one entirely original component. While attacking your local data, the NZMR Ransomware also drops a message demanding payment for restoring it, but does so in notably poor language.

Since the NZMR Ransomware includes remnants of garbled Spanish in its otherwise English instructions, its threat actor most likely is a Spanish speaker who hastily ran the text through an automatic translation utility to reach other regions. Although the wording of the NZMR Ransomware's ransom note (which it downloads as an image from Imgur.com instead of storing it internally) is unique to this campaign, other aspects are similar to past attacks. These traits include:

  • The NZMR Ransomware provides a one-day time limit for paying, after which the threat actor may delete your decryption key.
  • The NZMR Ransomware accepts payments only via Bitcoin, which requires the receiver's consent for refunds. This limitation opens the door to the possibility of a victim paying, getting no decryption help, and having no recourse for restitution.

Malware experts still are collecting information on which types of files the NZMR Ransomware attacks. EDA2 and Hidden Tear family threats almost always use some variant of the AES cipher for encryption, which free decryption software from members of the PC security industry may be able to crack.

Making Sure Your Computer isn't 'Hack'

Its text identifies its authors with no more of a label than 'NZMR team,' but internal directory data suggests that the NZMR Ransomware is the work of a single user referring to himself as 'DarkPC.' Although it shows almost no effort in basic user-friendliness and language, the NZMR Ransomware is no less capable than similar members of the EDA2 family at encrypting and blocking access to files such as pictures, documents, spreadsheets or archives. Malware analysts also find no name-altering features in the NZMR Ransomware's payload, which means the encrypted files (no new extension, no renamed filename) may go unnoticed until you try to open them.
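Because the payload leaves filenames and extensions untouched, one defender-side check is to look for files whose extension promises a known header but whose content lacks it and is near-random. The following is an added example written for this page, not code from the article or from any vendor tool; the signature table, the entropy threshold and the sample inputs are assumptions constructed for illustration.

```python
import math
import os

# Magic-byte signatures for file types the article says EDA2 variants target.
# Table is an assumption for this example, not a complete list.
MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
    ".zip": [b"PK\x03\x04", b"PK\x05\x06"],
    ".docx": [b"PK\x03\x04"],   # Office Open XML is a zip container
    ".xlsx": [b"PK\x03\x04"],
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; AES output (and compressed data) approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(filename: str, data: bytes, threshold: float = 7.5) -> bool:
    """True when the extension is known, the header is missing, and the
    leading bytes are near-random. Valid zips keep their PK header, so
    compressed-but-legitimate files are not flagged."""
    sigs = MAGIC.get(os.path.splitext(filename)[1].lower())
    if sigs is None or any(data.startswith(s) for s in sigs):
        return False
    return shannon_entropy(data[:4096]) >= threshold


def scan_samples(samples):
    """Return the names of samples that fail the header/entropy check."""
    return [name for name, data in samples if looks_encrypted(name, data)]


# Constructed samples: a genuine PDF stub, a misnamed text file (low entropy,
# should not be flagged), and a stand-in for an encrypted JPEG (uniform bytes).
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.4\n%constructed sample\n"),
    ("notes.jpg", b"hello world " * 300),
    ("photo.jpg", bytes(range(256)) * 16),
]

if __name__ == "__main__":
    print(scan_samples(SAMPLES))  # ['photo.jpg']
```

Run it over real directories by reading each file's first 4 KiB; a hit on many files in a short window is the signal worth alerting on, while a single hit is usually just a misnamed file.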

Backing up your content always is better than risking payment to a con artist for getting access to a decryption tool. Free decryption software also is highly compatible with most variants of the NZMR Ransomware's family and should be tested on copies of any content before taking any drastic actions. Blocking the NZMR Ransomware at its distribution source, such as by running anti-malware scans on any new e-mail attachment, also is highly recommended for your PC's protection.

Deleting the NZMR Ransomware should be a limited problem for any good anti-malware product, with most brands already detecting it without trouble. However, taking the safety of your files for granted is what may create the vulnerabilities that even poorly-speaking threats like the NZMR Ransomware can twist to profitable ends.
