Nigra Ransomware Lists No Ransom Demand

While reviewing incoming malware submissions, our research team recently came across the Nigra ransomware. This type of software is specifically designed to encrypt data and then demand payment in exchange for decrypting it.

On our test system, Nigra effectively encrypted files and added a unique identifier assigned to the victim, the email address of the cybercriminals, and a ".nigra" extension to the filenames. For example, a file originally named "1.jpg" would appear as "1.jpg.[baf1c5b249].[c2y@startmail.com].nigra" after the encryption process.

Once the encryption was complete, a ransom note named "README_WARNING.txt" was left behind. In this note, the victim is informed that their files have been encrypted, with no harm done to their file structure. To decrypt their files, a ransom must be paid. However, before making the payment, the victim has the option to test the decryption process by sending the attackers three encrypted files that meet certain specifications.

The message emphasizes that only the cybercriminals responsible for the attack have the capability to restore the affected files. It warns the victim against attempting to alter their files or seeking assistance from third parties.
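The renaming scheme and the note name described above are enough to triage an affected directory tree. The following is an added example, not code from the original article or from any vendor tool: it assumes the victim ID is an alphanumeric token (inferred from the single sample name shown above), and the function names and the constructed test tree are hypothetical.

```python
import os
import re
import tempfile
from pathlib import Path

# Pattern inferred from the one sample name in the article:
#   <original name>.[<victim id>].[<contact email>].nigra
# Assumption: the ID is alphanumeric; its length is not fixed here.
NIGRA_NAME = re.compile(r"^(?P<original>.+)\.\[(?P<victim_id>[0-9A-Za-z]+)\]"
                        r"\.\[(?P<email>[^\]\s@]+@[^\]\s@]+)\]\.nigra$", re.I)
NOTE_NAME = "readme_warning.txt"  # ransom note name, compared case-insensitively


def parse_nigra_name(filename):
    """Return original name, victim ID and contact email, or None."""
    m = NIGRA_NAME.match(filename)
    return m.groupdict() if m else None


def triage(root):
    """Walk root and collect renamed files, ransom notes, IDs and contacts."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "emails": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hit = parse_nigra_name(name)
            if name.lower() == NOTE_NAME:
                report["notes"].append(path)
            elif hit:
                # Keep the pre-encryption name to match against backups.
                report["encrypted"].append((path, hit["original"]))
                report["victim_ids"].add(hit["victim_id"])
                report["emails"].add(hit["email"].lower())
    return report


def demo():
    """Build a constructed directory tree of empty files and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "docs")
        docs.mkdir()
        for name in ("1.jpg.[baf1c5b249].[c2y@startmail.com].nigra",
                     "report.final.docx.[baf1c5b249].[c2y@startmail.com].nigra",
                     "notes.nigra", "untouched.txt", "README_WARNING.txt"):
            Path(docs, name).write_bytes(b"")  # constructed placeholder
        return triage(tmp)


if __name__ == "__main__":
    print(demo())
```

A file that merely ends in ".nigra" without the bracketed ID and email is not counted, which keeps unrelated files out of the report.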

Nigra Ransom Note Mentions No Specific Ransom

The complete text of the Nigra ransom note reads as follows:

Greetings

Little FAQ:
1
Q: Whats Happen?
Your files have been encrypted for NIGRA. The file structure was not damaged, we did everything possible so that this could not happen.
2
Q: How to recover files?
If you wish to decrypt your files you will need to pay us
you can send a three small files for testing,'excel ,word,txt,jpg' something.
As a guarantee of our decryption ability.

3
Q: How to contact with you?
You can write us to our 3 mailboxes: c2y@startmail.com and malluma@beeble.com or restaurera@rbox.co
If we do not reply within 24 hours, it means that the mailbox has been blocked, please contact our backup mailbox.

(please in subject line write your ID: -)

WARNING STATEMENT

DON'T try to change encrypted files by yourself!

We have never posted any decrypted videos on youtube, any SNS, please don't trust those crooks who post so-called decrypted videos

choose to trust them, unless you have a lot of money!

If you need decryption, please contact us via our email, we will only get in touch with you via email.

The private key for decryption only exists in our hands, and only we can help decrypt files in this world

How Can You Avoid Ransomware Infections?

To avoid ransomware infections and protect your data, you can follow these best practices:

  • Keep Your Software Updated: Regularly update your operating system, software, and applications. Software updates often contain security patches that address vulnerabilities that ransomware can exploit.
  • Use Antivirus and Anti-Malware Software: Install reputable antivirus and anti-malware programs and keep them up-to-date. These tools can help identify and remove ransomware threats.
  • Enable Firewall Protection: Use a firewall to block unauthorized access to your computer or network. Most operating systems have built-in firewalls, which you should enable.
  • Be Cautious with Email Attachments and Links: Be vigilant when opening email attachments or clicking on links, especially if the email is from an unknown sender. Ransomware often spreads through malicious email attachments or links.
  • Use Strong Passwords: Use complex, unique passwords for your accounts and change them regularly. Consider using a password manager to help generate and manage strong passwords.
  • Implement Multi-Factor Authentication (MFA): Enable MFA for your important accounts. This adds an extra layer of security by requiring you to provide two or more forms of verification to access your account.
  • Back Up Your Data: Regularly back up your data to an external drive or a secure cloud storage service. In the event of a ransomware infection, having a backup can allow you to restore your data without paying a ransom.
October 12, 2023