
Nakw Ransomware

Posted: October 30, 2019

The Nakw Ransomware is a file-locking Trojan from the family of the STOP Ransomware. Although it can conduct other attacks, its primary symptoms involve stopping files from opening by encrypting them. Users should ignore any ransom demands from this threat, recover through backups, and let their anti-malware services uninstall the Nakw Ransomware.

The Next Number in Software Extortionists

Ransomware-as-a-Service remains profitable, at least in theory, as criminals continue to hire out customized variants from families like the Scarab Ransomware, the Dharma Ransomware and the STOP Ransomware. A new release in the last of these groups is targeting users in the Philippines, which is part of the family's traditional 'stomping grounds.' Malware researchers also confirm that current decryption freeware doesn't work on this Trojan, dubbed the Nakw Ransomware.

The Nakw Ransomware, build '0177,' uses a two-part encryption method for blocking files, like many of the other RaaS families that it competes with during its campaign. The first part uses a non-dynamic AES algorithm, while the second, RSA part may use either an internal key or an externally-downloaded one. Users who disconnect from the Internet immediately may keep the Nakw Ransomware from securing its encryption with the dynamic key and, therefore, have slightly better chances of recovering any files.

The Nakw Ransomware targets media formats according to its familial blacklist, including Word and Notepad documents, various pictures, compressed archives, audio and others. While it uses a similar encryption method to other Trojans from its family (see also: the Djvu Ransomware, the Bora Ransomware, the Peta Ransomware, the Nasoh Ransomware, and more), it marks the files it locks with a different extension. In this Trojan's case, it appends the string 'nakw' to the end of filenames.

Sending Islander Trojans Back Out to Drift

The campaign's geotargeting of the Philippines is also a potential thematic tie to the Nakw Ransomware's name, which highly resembles the Filipino word for 'stealth.' Since file-locking Trojans like the Nakw Ransomware will either conduct attacks via totally hidden background memory processes or generate fake update pop-ups as disguises, the theme is an appropriate one. Ordinarily, users have few or no symptoms between the installation of a STOP Ransomware member and its encryption attacks.

While the odds of detecting the Nakw Ransomware by eye are poor, malware experts recommend that users keep secure, non-locally-stored backups to fully mitigate its encryption feature. However, the Nakw Ransomware potentially remains threatening despite this precaution. It may download Mimikatz and other spyware, block your Web browser through the Hosts settings and transfer system data to its C&C server. Users can easily keep attacks by the Nakw Ransomware in check by not taking unwise chances with their media, but at least one victim saw fit to gamble. The cost is more than just a ransom, unfortunately, since admins for Trojans like the Nakw Ransomware don't always keep their side of any bargain.
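A read-only triage sketch for the two on-disk symptoms described above, the 'nakw' filename suffix and tampering with the Hosts file; it is an added example, not code from the original page. It assumes the Hosts blocking takes the common form of mapping non-local hostnames to a loopback or unspecified address, which the page does not specify, and the sample Hosts content and its domains are constructed.

```python
import ipaddress
import sys
from pathlib import Path

LOCKED_SUFFIX = ".nakw"  # suffix the page says this variant appends
# Names that legitimately map to loopback (assumed allowlist, extend as needed).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample Hosts content; every domain here is a placeholder.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1 localhost
::1 localhost
127.0.0.1 av-vendor.example www.av-vendor.example  # constructed
0.0.0.0 security-forum.example
192.0.2.10 intranet.example
"""

def find_locked_files(root):
    """Return files under root whose last extension is .nakw (any case)."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix.lower() == LOCKED_SUFFIX)

def suspicious_hosts_entries(text):
    """Return (line_no, address, name) for non-local names pinned to a dead address."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address mapping
        if addr.is_loopback or addr.is_unspecified:
            hits += [(line_no, str(addr), n) for n in fields[1:]
                     if n.lower() not in LOCAL_NAMES]
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path in find_locked_files(root):
        print("locked file:", path)
    # Fall back to the constructed sample when not run on Windows.
    text = (HOSTS_PATH.read_text(encoding="utf-8-sig", errors="replace")
            if HOSTS_PATH.exists() else SAMPLE_HOSTS)
    for line_no, addr, name in suspicious_hosts_entries(text):
        print(f"hosts line {line_no}: {name} -> {addr}")
```

Entries it reports are candidates for review rather than proof of infection, since ad-blocking Hosts files use the same pattern.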
