What is the Nlb Ransomware?
Our researchers recently identified a new ransomware variant, Nlb, which is part of the Dharma family. Upon launching the malicious program, it encrypted files and changed their titles by adding a unique ID, the attackers' email address, and the ".nlb" extension. For example, "1.jpg" was renamed to "1.jpg.id-9ECFA84E.nlb".
The ransomware then created two ransom-demanding messages: one in the form of a pop-up window and another in a text file titled "FILES ENCRYPTED.txt". The text file simply instructs victims to contact the hackers for data recovery while the pop-up provides some more details about the infection and warns against attempting to rename or decrypt files using third-party software as this may lead to permanent data loss or further financial losses due to scams.
The attackers claim that only they can recover the locked data and advise victims not to seek help from other sources.
Therefore, it is important for users to be aware of this ransomware threat and take measures such as backing up their data regularly in order to protect themselves from such malicious programs.
The Nlb ransomware note
The full text of the ransom note generated by the Nlb ransomware reads as follows:
YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email Rileyb0707@aol.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:Rileyb0707@cock.li
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
How can your computer get infected with ransomware like Nlb?
Ransomware like Nlb can infect computers through malicious emails, malicious websites, and malicious downloads. Malicious emails often contain attachments or links that, when opened or clicked on, will download the ransomware onto the computer. Malicious websites are webpages that have been created specifically to distribute malware. Finally, malicious downloads are files that have been downloaded from untrustworthy sources such as torrents and file-sharing sites.
Once a computer is infected with ransomware like Nlb, it will begin to encrypt files on the system and alter their titles by adding a unique ID string specific to the victim, the email address used by the cyber criminals, and the ".nlb" extension. Afterward, this ransomware creates messages in the form of one pop-up window as well as a text file titled "FILES ENCRYPTED.txt". The text file tells victims to contact the cyber criminals in order to recover the locked data while the note in the pop-up window provides more information regarding the infection and warns against attempting to rename or decrypt files using third-party software as this may lead to permanent data loss or further financial losses due to scams.
What can you do if your files are already encrypted by the Nlb ransomware?
If your files have already been encrypted by the Nlb ransomware, it is important to remain calm and not panic. The first step is to try and identify how the ransomware was able to infect your system in order to prevent further infections. It is also important to avoid paying the ransom as this may not guarantee that you will get your data back and could even lead to further financial losses due to scams.
Instead of paying the ransom, victims should look into alternative methods for recovering their data such as using backups or file recovery software. If these options are not available, victims can contact a reputable cybersecurity firm for help with decrypting their files. It is also important to note that some variants of Dharma ransomware have been cracked, so it may be possible for victims of Nlb ransomware to recover their data without having to pay a ransom.