Nozelesn Ransomware

Ransomware removal experts have found a new ransomware gatehring speed on the horizon. The breach was found on July 1st, when Nozelesn Ransomware was found to be affecting users in Poland. Nozelesn is similar to other ransomwares like Leen, Omerta and others. These ransomwares are developed by different hackers but their basic function and motives are the same.

Since this ransomware is new, hence there is no exact number of the people known to have been attacked by it. However, ransomware removal experts think that the ransomware may have attacked a substantial number of individual users and companies already.

What is Nozelesn Ransomware?

Nozelesn is spread through spam campaigns where mass emails are distributed to several users on the internet. Nozelesn works similarly to other ransomware as it silently enters a computer system and encrypts’ computer’s files. Nozelesn Ransomware makes modifications in the Windows Registry to achieve control of the Windows Operating System. This is done so the user cannot try to remove ransomware by tinkering with the OS.

Afterwards, the ransomware focuses on the encryption process. After encryption; the files are unable to be accessed by the victims. Moreover, the extension of these files are modified and changed to “.nozelesn”. After encryption, a file of the format for HTML is added into the folders of the computer. This HTML file is the ransom note.

The HTML file states that the files of the users are encrypted and they will have to pay money in return for the access of their files.  The ransom details include the procedures required to access TOR browser and pay the attackers.

Additionally, the ransom file also contains a password that can help the users to login in TOR. The ransom is priced at 0.10 Bitcoin. Time duration of 10 days is provided to the victims to pay ransom. Delay in ransom is threatened with the permanent loss of data.

So what to do if you are affected by Nozelesn Ransomware? Since it is a new ransomware, hence not much is known about it. However, as a general rule of thumb, avoid paying any ransom to the attackers as generally these cybercriminals are not to be trusted.