Nochi Ransomware Mentions no Contact Details
Our team of researchers recently uncovered a new form of ransomware called Nochi while investigating new malware samples. This malware appears to be based on the Chaos ransomware, and when we tested it on our machine, it encrypted files and appended the ".nochi" extension to their filenames. For example, "1.jpg" would become "1.jpg.nochi" and "2.png" would become "2.png.nochi."
After encrypting the files, the ransomware creates a ransom note called "read_it.txt" on the desktop. This note informs victims that their data has been encrypted and the only way to retrieve it is by purchasing decryption tools from the attackers. The note demands a ransom of 1,500 USD in Bitcoin cryptocurrency, but the amount listed at the bottom of the message - 0.1473766 BTC - is currently worth over 3,000 USD, although this can fluctuate due to currency conversion rates.
While the message includes the cryptowallet address of the cybercriminals, it does not provide any contact information. It is important to note that paying the ransom does not guarantee that the files will be decrypted, and it can also encourage further attacks in the future. Therefore, it is important to implement robust security measures to prevent ransomware attacks, such as keeping software up-to-date, using strong passwords, and regularly backing up important data.
Nochi Ransomware Only Lists Crypto Wallet
The ransom note generated by Nochi reads as follows:
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com Paxful
Payment informationAmount: 0.1473766 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
How is Ransomware Like Nochi Usually Distributed?
Nochi ransomware is typically distributed through various means, including phishing emails, social engineering tactics, and exploiting vulnerabilities in software and operating systems.
Phishing emails are one of the most common methods of distribution. Attackers may send emails that appear to come from legitimate sources, such as financial institutions, government agencies, or well-known companies, and trick users into clicking on a malicious link or downloading an infected attachment.
Another way Nochi ransomware can be distributed is through social engineering tactics. This involves manipulating users into performing certain actions, such as downloading and installing a fake software update or clicking on a link that appears to be genuine but actually leads to a malicious website.
Exploiting vulnerabilities in software and operating systems is another common method used by attackers to distribute Nochi ransomware. Cybercriminals search for vulnerabilities in commonly used software, such as web browsers, and exploit them to gain access to a victim's computer or network. Once they have access, they can install Nochi ransomware and encrypt the victim's files.
In summary, Nochi ransomware can be distributed through a variety of methods, and it's important for individuals and organizations to stay vigilant and take steps to protect themselves, such as keeping software up-to-date, using antivirus software, and avoiding suspicious emails and links.