Cyber criminals have released a new ransomware infection NSMF Ransomware recently. At present, it does not encrypt a single file even though a ransom note it leaves for users informs them that their files have all been locked. Since it is the major activity ransomware-type infections perform, specialists working at 411-spyware.com suspect that this threat is not working properly or it is still in the development stage. If you have a version of NSMF Ransomware which has not encrypted your files, it does not mean that you can keep it there because cyber criminals might release an update in the future and it might get it after connecting to its server. In this case, it will surely lock your files if it has not done that yet. All ransomware infections want money from users – NSMF Ransomware is no exception. In fact, it is one of those ransomware-type infections which ask a huge amount of money. Specifically speaking, it tells users to send 5 Bitcoin (~ 12 707 USD at today’s price) to the provided Bitcoin address. There are no guarantees that files will be decrypted after making a payment. Actually, even if we knew that it is an effective file recovery method, it would still not be clever to send such a huge amount of money to cyber criminals in exchange for files, especially if the locked data consists of games and movies mainly. No matter what you decide, do not forget to remove the ransomware infection from your PC because it will not be removed from the system automatically – we will discuss its removal in the last paragraph.
Research done by specialists at 411-spyware.com has revealed that there are three main distribution strategies cyber criminals adopt to spread NSMF Ransomware. First, it might be spread through unsafe RDP connections. Second, it might travel as an attachment in spam emails and enter computer when malicious attachments from these emails are launched. Third, users might confuse it with a trustworthy application and download it from a P2P or another website belonging to third parties. Following the successful entrance, NSMF Ransomware drops a file readme.txt on Desktop. It should also encrypt users’ files, e.g. pictures, movies, text files, etc. by appending a new extension .nsmf to all of them. It seems that it will affect only those files located on Desktop, so, in the opinion of our specialists, it is not worth paying a ransom of 5 Bitcoin for their decryption. Of course, it does not mean that you should give up immediately after finding your files locked. There is a way to decrypt files for free – users can recover them from a backup. If you have never backed up your files, you could not recover your files using this method, but you should not hurry to erase those encrypted files from your PC because if NSMF Ransomware ever becomes a prevalent infection and affect many computers, specialists might develop a free decryptor.
As mentioned in the previous paragraph of this article, ransomware infections are sneaky threats that might enter computers illegally. Although a bunch of different methods might be adopted to spread them, it does not mean that you will necessarily end up with a new crypto-threat in the future. We can assure you that it is possible to protect the computer from the entrance of malware. First, you should stay away from suspicious websites promoting software because such websites usually spread freeware together with bad applications. Second, do not open spam emails and their attachments no matter how harmless they look. Third, you should secure your RDP. On top of that, our security specialists say that there must be a security application installed on all computers with the Internet connection.
No matter NSMF Ransomware has locked your files or not, you must remove this ransomware infection from the system as soon as possible. The removal of this ransomware infection will not unlock your files if you have found them encrypted, but, at least, you will be sure that it will not lock any new files one day. Luckily, it will be enough to perform two removal steps to get rid of it: first, kill the suspicious process and remove the malicious file directly associated with it and, second, delete all suspicious files from Desktop, the Downloads folder, and the Temp directory. We know that it might be hard to distinguish those malicious files from decent ones, so we want you to know that you can delete this ransomware infection automatically, i.e. using an automated malware remover as well.