Windows users living in China need to be very cautious about CXK-NMSL Ransomware, a malicious file-encrypting threat that can encrypt most, if not all, personal files on the infected computer. These could range from barely important documents to highly precious photos. Among the file types that this malware encrypts are .RAR, .AVI, .DOC, .JPG, and various others. Once they are fully encrypted, you will not be able to open them, and that is what might make the ransom note much more effective. The note is delivered in a file named “CXK-NMSL-README.txt,” and we talk about it more in this report. We also discuss the decryption of your files, which, apparently, should be possible, and, of course, the removal of the malicious threat. Note that while you cannot restore files by deleting CXK-NMSL Ransomware, it must be eliminated right away.
The first sign that CXK-NMSL Ransomware might have invaded your operating system could be the “.cxk_nmsl” extension appended to your files. You should notice right away that files with this extension cannot be read, and that means that they were encrypted. When it comes to encryption, our researchers claim that the attackers behind the threat process files with the “certutil -encode” command, which encodes them with base64. Base64 is a reversible encoding that uses no key, and that means that files can be restored for free. Of course, if you are not familiar with writing scripts and using decoding programs, it is best to find a professional who can help you. At the end of the day, you do not want to make a bigger mess, so leave the experimenting for another occasion. If you have nobody to turn to, maybe you have backup copies of personal files? If you do (and all people are advised to have backups stored outside their computers), you can easily replace the corrupted files once you remove CXK-NMSL Ransomware.
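The recovery described above can be scripted. The following Python code is an added example, not part of the original report and not a tool from its researchers; it assumes the affected files are unmodified "certutil -encode" output (base64 text, optionally wrapped in BEGIN/END CERTIFICATE lines), and the function names and sample data are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path

EXT = ".cxk_nmsl"  # extension named in the article

def decode_certutil(text: str) -> bytes:
    """Recover the original bytes from `certutil -encode` style output."""
    # Assumption: armor lines (BEGIN/END CERTIFICATE), if present, start with "-----"
    lines = (ln.strip() for ln in text.splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    if not body:
        raise ValueError("no base64 payload")
    # validate=True rejects stray characters instead of silently dropping them
    return base64.b64decode(body, validate=True)

def recover_tree(root: Path) -> dict:
    """Decode every *.cxk_nmsl file under root without overwriting or deleting."""
    report = {"recovered": [], "skipped": [], "failed": []}
    for enc in sorted(root.rglob("*" + EXT)):
        stem = enc.name[: -len(EXT)]
        if not stem or not enc.is_file():
            continue
        target = enc.with_name(stem)
        if target.exists():  # e.g. a restored backup: leave it alone
            report["skipped"].append(enc.name)
            continue
        try:
            data = decode_certutil(enc.read_text(encoding="ascii"))
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            report["failed"].append(enc.name)
            continue
        target.write_bytes(data)
        report["recovered"].append(target.name)
    return report

def demo():
    """Run recover_tree over constructed sample files in a temp directory."""
    original = b"\xff\xd8\xff\xe0 constructed photo bytes" * 10
    armored = (b"-----BEGIN CERTIFICATE-----\r\n" + base64.encodebytes(original)
               + b"-----END CERTIFICATE-----\r\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ("photo.jpg" + EXT)).write_bytes(armored)
        (root / ("junk.bin" + EXT)).write_bytes(b"\x00\x01 not base64 !!")
        (root / "keep.txt").write_bytes(b"already restored")
        (root / ("keep.txt" + EXT)).write_bytes(armored)
        report = recover_tree(root)
        return report, (root / "photo.jpg").read_bytes() == original
```

Run it against a copy of the affected folder: the encoded files are left in place, so each recovered file can be checked before anything is deleted, and names listed under "failed" were not plain base64 and need separate handling.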
The “CXK-NMSL-README.txt” file is created after the encryption, and, of course, the message inside is written in Chinese. The “你电脑上的文件都被加密了” message informs the victim that a certain fee must be paid to the attackers behind CXK-NMSL Ransomware if they want to have their files restored. The fee is 100B币. Do you have enough money to cover the ransom? That is not the question you should ask yourself. The question you must ask is whether you should pay the ransom at all. Of course, you should not, especially since it looks like victims of this malware can restore their files for free. What if that was not an option? Can you trust cybercriminals to restore your files after you fulfill their demands? Of course, you cannot, because cybercriminals cannot be trusted in any situation. What they promise you is unlikely to reflect any real intentions on their part. This is what we tell the victims of Karl Ransomware, LOCKED_PAY Ransomware, Koko Ransomware, and all other malicious file-encryptors. Also, note that if you decide to employ a third-party decryptor, make sure it is legitimate before you install it. At the time of research, a real decryptor that would specifically decrypt CXK-NMSL Ransomware victims’ files did not exist.
In conclusion, your operating system requires protection and attention. If you do not take care of it, malicious infections could slither in and make a mess. Note that the launcher of CXK-NMSL Ransomware could hide within inconspicuous software bundles and spam emails, so you need to look out for it yourself. You also need to keep your operating system guarded, because invisible threats could slither in and download new infections, or cybercriminals could exploit existing security backdoors to drop the ransomware onto your system. Since Windows security is something that you need to take care of anyway, we advise installing anti-malware software. It will automatically remove CXK-NMSL Ransomware and secure your system. Before that, figure out what you want to do about the encrypted files. Will you replace them with backups? Will you seek out professional help?