
NIBIRU Ransomware

The Nibiru Ransomware is likely to be an unfinished file-encryption Trojan that borrows a major portion of its code from the Stupid/FTSCoder Ransomware project. The good news is that the encryption technique used by the NIBIRU Ransomware is decryptable, and its victims can use a free decryption tool to recover the data locked by the NIBIRU Ransomware. This threat does not seem to be a very serious project because its authors have quite ludicrous demands – an initial ransom fee of $120,000, which may rise to $1,000,000 if the payment is not sent within 54 hours of the initial infection. As usual, the attackers expect to receive the money via a Bitcoin transaction, and they even want the victim to use a specific website to purchase and transfer the Bitcoins. The service they promote is not one of the reputable ones, so it would not be a surprise if it is also part of their tactic.

The ransom note that the NIBIRU Ransomware uses is displayed in a new program window, which is spawned immediately after the threat has finished encrypting the victim’s files. It contains the wallet address of the attackers, as well as the following e-mail addresses, which can be used to get in touch with the perpetrators – ‘[email protected]’ and ‘[email protected].’ The note does not provide a list of the encrypted files, but victims should be able to recognize the damaged files easily because they will have their extensions changed to ‘.Doxes’ as soon as they are encrypted.

‘HACKERS INVASION
YOU HAVE EVERY REASON TO PANIC, BECAUSE WE JUST DROPPED OUR “NUKES” ON YOU. YOU TEND TO LOOSE TENS OF MILLIONS OF DOLLARS
IF YOU DARE TAKE US WITH LEVITY. ALL YOUR IMPORTANT FILES, SCREEN, DOCUMENTS, DATAS, MP3S, AND VIDEO ARE HACKED/LOCKED FOR NOW.
WE ARE READY TO GIVE YOU THE KEY TO GET ALL YOUR FILES, DOCUMENTS AND YOUR LIFE BACK IF ONLY YOU PAY $120,000 WITHIN 54 HOURS. IF YOU DELAY YOU PAY $1 MILLION TO US.
67bdfezx47n3FRTZd6dUXMTPk5ZV4re9bY2D
(1)Google [REDACTED]
(2)SIGN UP AND GET A BITCOIN WALLET
(3)BUY $120,000 WORTH OF BITCOIN
(4)PAY INTO OUR BITCOIN ADDRESS
ABOVE
(5)SEND THE PAYMENT PROOF TO OUR CONTACTS
(6)YOU GET KEY
(1) [email protected]
(2) [email protected]’

The source code of the NIBIRU Ransomware reveals some interesting details, such as the fact that its authors have implemented scripts that may exploit logged-in accounts on Skype, MSN, and LimeWire to automatically spread a corrupted link that leads to the NIBIRU Ransomware’s payload. This is not the first time we’ve encountered such a threat propagation method, and it is not yet confirmed whether the NIBIRU Ransomware is able to take full advantage of this part of its code.

We advise victims of the NIBIRU Ransomware to ignore the instructions and threats left by the attackers. They should immediately download, install, and run a trustworthy anti-virus software suite that can automatically erase all of the crypto-threat’s components from the computer. When this is done, they can use the ‘StupidDecrypter’ utility to quickly get their files back to their unencrypted state.
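Because the ransom note lists no encrypted files, it helps to record every file carrying the ‘.Doxes’ extension before cleanup and decryption, then re-check afterwards. The Python script below is an added example, not part of the original post or of any tool named in it; its function names are hypothetical, and it assumes only the ‘.Doxes’ extension reported above.

```python
import os
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".doxes"  # extension reported on this page; matched case-insensitively


def inventory_locked_files(root):
    """Return one record per file under `root` whose final extension is .Doxes."""
    records = []
    # onerror swallows unreadable directories so one ACL problem does not stop the walk
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() != LOCKED_EXT:
                continue
            try:
                size = path.stat().st_size
            except OSError:
                size = None  # file vanished or is unreadable; still list it
            # Extension left under .Doxes, if any (e.g. report.docx.Doxes -> .docx).
            # Assumption: the page does not say whether the original extension survives.
            inner = Path(path.stem).suffix.lower() or "(none)"
            records.append({"path": str(path), "size": size, "inner_ext": inner})
    return sorted(records, key=lambda r: r["path"])


def summarize(records):
    """Aggregate the inventory: totals, per-directory and per-inner-extension counts."""
    return {
        "count": len(records),
        "total_bytes": sum(r["size"] or 0 for r in records),
        "by_dir": Counter(str(Path(r["path"]).parent) for r in records),
        "by_inner_ext": Counter(r["inner_ext"] for r in records),
    }


def still_locked(before, root):
    """After decryption, return paths from the earlier inventory that remain as .Doxes."""
    remaining = {r["path"] for r in inventory_locked_files(root)}
    return [r["path"] for r in before if r["path"] in remaining]


if __name__ == "__main__":
    import sys
    found = inventory_locked_files(sys.argv[1] if len(sys.argv) > 1 else ".")
    stats = summarize(found)
    print(f"{stats['count']} locked files, {stats['total_bytes']} bytes")
    for ext, n in stats["by_inner_ext"].most_common():
        print(f"  {ext}: {n}")
```

Run it against a copy or a read-only mount of the affected volume where possible, and keep the first inventory so that `still_locked` can show which files the decrypter did not restore.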



This post first appeared on SpywareRemove, please read the original post: here
