NominatusCrypt Ransomware Preserves Filenames and Extensions


NominatusCrypt is the name of a newly discovered strain of file-encrypting malware. The new variant appears to belong to the family of ransomware clones based on the EvilNominatus ransomware.

While NominatusCrypt will encrypt files and make them unreadable just like every other ransomware type, it does nothing to change the filenames or extensions. Files still have their contents encrypted, but there is no visual change to an encrypted file if you just look at it in Windows Explorer.

If a file was formerly called "image.jpg", it will still show up as "image.jpg" after encryption. This is confusing, as there is no way to tell an encrypted file from an unencrypted one except by trying to open it.
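A triage sketch for the problem described above (an added example, not code from the original article or from any vendor tool): because names and extensions are unchanged, it compares each file's leading bytes with the signature its extension implies and flags text files whose byte entropy looks like ciphertext. It assumes the malware encrypts the file header along with the rest of the content, which the article does not confirm; the function names, the 7.5 threshold and the sample files are constructed for illustration.

```python
import math, os, random, tempfile
from collections import Counter

# Well-known leading-byte signatures, keyed by the extension that implies them.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
    ".zip": (b"PK\x03\x04",), ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",),
}
TEXT_EXTS = {".txt", ".csv", ".log"}   # no signature; expected to be low entropy
ENTROPY_LIMIT = 7.5                    # assumed threshold, in bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext approaches 8.0, plain text sits far lower."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path: str, sample: int = 65536) -> str:
    """'ok', 'suspect' (content contradicts the extension) or 'unknown'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in SIGNATURES:
        return "ok" if head.startswith(SIGNATURES[ext]) else "suspect"
    if ext in TEXT_EXTS:
        return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "ok"
    return "unknown"  # no rule for this extension; needs another check

def scan(root: str) -> dict:
    """Map each file's path (relative to root) to its verdict."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = classify(full)
    return out

def demo() -> dict:
    """Constructed sample: one intact JPEG header, three files of random bytes."""
    rng = random.Random(1)  # deterministic stand-in for ciphertext
    blob = bytes(rng.getrandbits(8) for _ in range(4096))
    with tempfile.TemporaryDirectory() as d:
        files = {"intact.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
                 "image.jpg": blob, "notes.txt": blob, "data.bin": blob}
        for name, body in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return scan(d)
```

Run `scan()` from a clean boot or against a mounted image of the affected disk; a "suspect" verdict means the content no longer matches the extension, not proof of this particular strain.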

The ransomware deposits its very unusual ransom demands inside a pop-up window that contains the following:

All Files has been Encrypted and cannot be decrypted without paying the ransom to the developer. You became Victim of NominatusCrypt Ransomware!

How Can i Decrypt my Files?

if you try to escape we will leave your files encrypted forever!

some people think ComboCleaner can decrypt your files but thats not true!, theres no way to crack AES encryption algorithm!! if you install it you will make a big mistake because the decryptor is in this ransomware if combo cleaner remove it... then we can't decrypt your files!

2 ways to decrypt your files:

1- Spread this ransomware to 3 users

( NOTE: They need to EXECUTE the ransomware )

then send a proof screenshot to the Creator of this Ransomware and Pay 100$ ( hacker will tell you how to pay )

2- send your private informations instead of paying the ransom.

for example your passwords your email address your location your phone number and more ( hacker will tell you what information )

Developer Mail Address = TrollIsDead at proton dot me

Live or Die

Make your choice now.

Nominatus Data Invaders 2021-2022

The request to both pay $100 in ransom AND spread the ransomware to others or share your personal information with the threat actors is utterly bizarre, as a regular user would probably simply format their drive and reinstall their OS.

September 13, 2022