Ransomware Nozelesn Reportedly Using Spam to Target Poland

  • 0

Ransomware Nozelesn Reportedly Using Spam to Target Poland

Category : Uncategorized

Ransomware Nozelesn Reportedly Using Spam to Target Poland

Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment.

The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack.

A distribution campaign for a new ransomware called Nozelesn is currently underway that is targeting Poland. This campaign started July 1st and already have reported from victims in our forums and numerous cases have been spotted on ID Ransomware.

A researcher at CERT Polska, the Computer Emergency Response Team for Poland, has also stated that they believe the ransomware is being distributed through a spam campaign pretending to be a DHL invoice.

 

Ransomware

 

 

How ransomware works

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access.

 

Phising Spam

 

What happens when you are infected with the Nozelesn Ransomware

Sample of Nozelesn Ransomware has not been found yet. The information of Nozelesn Ransomware based on the reports by victims who have posted in Bleeping Computer forum.

the ransomware will encrypt a user’s files and append the .nozelesn extension to the encrypted file’s name.

The ransomware will also create ransom notes on the computer named HOW_FIX_NOZELESN_FILES.htm. This ransom note contains isntructions on how to login to a TOR payment server at lyasuvlsarvrlyxz.onion to receive instructions. It also contains a unique personal code that the victim will be need in order to login to the server.

 

encrypt

 

The Nozelesn decryption cabinet

The TOR Payment server for this ransomware is called the “Nozelesn decryption cabinet” and is located at the lyasuvlsarvrlyxz.onion address. When you first visit the site you will be required to enter the personal code from your ransom note and a captcha answer into the login screen.

Once logged in you will see payment instructions that contain the amount of bitcoins to send and the address to send them to in order pay the ransom.  Currently the ransom payment amount is set to .10 bitcoins or approximately $660 USD.

It is not known if paying the ransom will result in getting a decryption key and it is strongly advised that you do not pay the ransom. Instead try and restore from backups or Shadow Volume Copies if they are available.

Once a sample is found, it will be analyzed to determine if a victim’s files can be decrypted for free. Once again, if you need help with this ransomware, please post in our Nozelesn Ransomware Support & Help Topic.

 

TOR

 

How to protect yourself from the Nozelesn Ransomware

To protect yourself from ransomware in general, it is important that you use good computing habits and security software. The most important step is to always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

A good security software solution that incorporates behavioral detections to combat ransomware and not just use signature detections or heuristics is important as well.

For example, Emsisoft Anti-Malware and Malwarebytes Anti-Malware both contain behavioral detection that can prevent many, if not most, ransomware infections from encrypting a computer.

 

Security

 

Follow the Points for security habits which are the most important in many cases:

  • Do not open attachments if you do not know who sent them.
  • Do not open attachments until you confirm that the person actually sent you them,
  • Scan attachments with tools like VirusTotal.
  • Do not connect Remote Desktop Services directly to the Internet. Instead, make sure they can only be accessed by logging into a VPN first.
  • Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
  • Make sure you use have some sort of security software installed that uses behavioral detections or white list technology. White listing can be a pain to train, but if your willing to stock with it, could have the biggest payoffs.
  • Use hard passwords and never reuse the same password at multiple sites.

 

VPN

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 

 

 


Leave a Reply

Show Buttons
Hide Buttons