NEVADA Ransomware Targets Both Linux and Windows Computers


NEVADA is a type of ransomware that affects Windows and Linux operating systems and is coded in Rust. Upon infecting a system, it encrypts files, adds the ".NEVADA" extension to their names, and leaves behind a ransom note in the form of a "readme.txt" file in the same folder as the encrypted files.

For instance, a file named "1.jpg" would be renamed to "1.jpg.NEVADA," and the same goes for "2.doc" which would become "2.doc.NEVADA." The creators of NEVADA are distributing it using the Ransomware as a Service (RaaS) model.

The ransom note explains that the attacker has stolen and encrypted the victim's files and gives two options: pay the ransom to maintain their privacy or risk losing valuable time by waiting for a miracle. The note cautions against waiting and warns that if contact is not made with the cybercriminals within three days, all crucial files will be published on a TOR website.

Additionally, the note warns against trying to recover the files from backups, as it will not prevent the files from being leaked, and instructs victims not to delete or rename the encrypted files or use public decryption tools, as these may contain viruses. Instead, victims are instructed to download the TOR browser and use a designated link to reach the attackers.

The NEVADA ransom note and demands

The complete ransom note produced by the ransomware contains the following text:

Greetings! Your files were stolen and encrypted.

You have two ways:
-> Pay a ransom and save your reputation.

-> Wait for a miracle and lose precious time.

We advise you not to wait.

After 2 days of your silence we will make call your superiors and notificate them about what's happened.

After another 2 days all your competitors will be informed about your decision.

Finally, after 3 days we will post your critical data on our TOR-website.

If you are going to recover your files from backupsa and forget this like a nightmare, we are hurry to inform you - you can't prevent a leak.

Recommendations:
-> Don't delete/rename encrypted files

-> Don't use any public "decryptor", they contain viruses.

You have to download TOR browser.

To contact with us your can use the following link:

-

The cat is out of the bag.
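A triage check built from the indicators this article gives (the ".NEVADA" suffix, a "readme.txt" in the same folder, and phrases from the note quoted above). It is an added example, not part of the original article. The two-phrase threshold, the UTF-8 assumption and the sample tree are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".nevada"   # extension from the article, compared case-insensitively
NOTE_NAME = "readme.txt"       # ransom note file name from the article
# Phrases copied from the ransom note quoted in the article (lowercased).
NOTE_MARKERS = (
    "your files were stolen and encrypted",
    "pay a ransom and save your reputation",
    "post your critical data on our tor-website",
)
MIN_MARKERS = 2  # assumption: two phrases must match before a readme.txt counts

def note_matches(path, max_bytes=65536):
    """True if the file holds at least MIN_MARKERS phrases from the note."""
    try:
        with open(path, "rb") as fh:
            # Assumption: the note is ASCII/UTF-8 text; only the head is read.
            text = fh.read(max_bytes).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False  # unreadable files are skipped, not treated as hits
    return sum(marker in text for marker in NOTE_MARKERS) >= MIN_MARKERS

def scan(root):
    """Map each affected directory (relative to root) to what was found there."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        note = any(f.lower() == NOTE_NAME and note_matches(os.path.join(dirpath, f))
                   for f in files)
        if encrypted or note:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = {"encrypted": encrypted, "note": note}
    return findings

def demo():
    """Scan a constructed sample tree: one affected folder, one clean one."""
    note = "Your files were stolen and encrypted.\n-> Pay a ransom and save your reputation.\n"
    sample = {"finance/1.jpg.NEVADA": "", "finance/2.doc.NEVADA": "",
              "finance/readme.txt": note,
              "project/readme.txt": "Build instructions.\n", "project/main.c": ""}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)
```

Calling `scan()` on a mounted share or a forensic image lists the folders to scope for restore. An ordinary "readme.txt" is ignored unless its text matches the note.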

How can ransomware similar to NEVADA get on your system?

Ransomware similar to NEVADA can infect your system through various means, such as:

  • Phishing scams: You may receive an email with a malicious attachment or a link that, when clicked, downloads the ransomware onto your system.
  • Software vulnerabilities: Attackers can exploit unpatched software vulnerabilities to deliver the ransomware onto your system.
  • Malicious websites: Visiting a compromised website can result in your system getting infected with ransomware.
  • Drive-by downloads: You may accidentally download ransomware onto your system while downloading a seemingly legitimate program from a malicious website.
  • Malicious ads: You may encounter malware-laden ads while browsing the web that can infect your system when clicked.

It is important to keep your system and software updated, be cautious of emails and links from unknown sources, and avoid downloading programs from untrusted websites to reduce the risk of getting infected with ransomware.

Is there a surefire way to protect your data from possible ransomware attacks?

There is no foolproof method to protect your data from ransomware attacks, but there are several best practices that can greatly reduce the risk:

  • Keep your operating system and software updated: Regularly installing security updates and patches helps to fix vulnerabilities that could be exploited by attackers.
  • Use robust antivirus software: Antivirus software helps detect and prevent malicious software, including ransomware, from infecting your system.
  • Back up your data: Regularly backing up your data to an external source, such as an external hard drive or cloud storage, can help you recover your files if your system becomes infected.
  • Be cautious with emails and links: Avoid clicking on emails or links from unknown or suspicious sources, as these can often be used to deliver ransomware.
  • Be careful when downloading files: Only download files and software from trusted sources and be wary of files that arrive as attachments or are sent from unexpected sources.

By implementing these measures, you can greatly reduce the risk of your system and data being impacted by a ransomware attack. However, even the most thorough security measures may not prevent every attack, so it is essential to back up your data regularly to minimize the risk of data loss.

February 3, 2023