
Novasof Ransomware

Posted: July 25, 2019

The Novasof Ransomware is a file-locker Trojan that encrypts media to stop it from opening. Its payload includes supporting features, such as removing backups, and an extortion attempt through a ransom note. Users should avoid paying the ransom and, if possible, use other means of recovery, and delete the Novasof Ransomware through a trusted anti-malware service.

The Trojan's Progress: Another Chapter in the STOP Ransomware Business

After the 1.25 build of the Dodoc Ransomware, the 1.17 of the Berosuce Ransomware, and older variants like the Nusar Ransomware or the Mogera Ransomware, it could be surprising to some to see the STOP Ransomware still going strong. The Ransomware-as-a-Service is maintaining a frenetic development pace, although malware experts can unearth no notable features changing how the Trojans behave towards their victims. The newest case in point is the Novasof Ransomware of version 1.27.

Verifiable attacks involving the Novasof Ransomware are out in the wild, encrypting (or 'locking') victims' files in return for ransom payments. If it remains true to the strategies that this family has preferred in the past, Windows and Linux users in Southeast Asia are at high risk and may compromise their systems through interactions with torrents or other illicit download resources. Users can expect no symptoms while the Novasof Ransomware encrypts content, which it selects according to format, to stop the files from opening.

However, Novasof Ransomware's aftereffects include stereotypical symptoms, such as:

  • The Trojan can disable error messages during boot-up (for hiding its presence).
  • It can delete various backups, including, most relevantly, the data that Windows uses for its Restore Points feature.
  • It can create a message asking for a ransom for the criminal's unlocking help in a Notepad-format text file.
  • The files that the Novasof Ransomware is blocking, furthermore, are identifiable through the Trojan's custom extension of 'novasof,' which it adds to the ends of their names.

The Price of Going Soft on a Novasof Ransomware Infection

The Novasof Ransomware operates its encryption routine in the same way as its relatives: it contacts a server and downloads a key that secures the file from any reverse-engineered decryption. If the server is unavailable or the Trojan has no Internet access, it can proceed with a less-secure version of the attack that uses a baked-in code instead of the dynamic one. Free decryptors are compatible only with the second method, and malware experts note terrible retrieval chances for any media that the Novasof Ransomware blocks with a C&C key.

Practicing safe and legal Web-surfing habits will steer most users clear of the infection strategies that the Novasof Ransomware's family, the STOP Ransomware, makes notable use of in 2019. Otherwise, backing up one's work to another system and keeping anti-malware products available can be the only chances of preserving files. Manual removal of the Novasof Ransomware is not encouraged for most users since traditional anti-malware programs are highly successful at identifying this family.
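The following Python example is added here and is not from the original article: it inventories files carrying the 'novasof' extension described above and checks whether a backup holds a clean copy of each one. The function names, directory layout and sample files are constructed for illustration, and it assumes the backup mirrors the scanned tree's relative paths.

```python
import os
import tempfile

LOCKED_SUFFIX = ".novasof"  # extension the article says is appended to locked files


def triage(scan_root, backup_root):
    """Return sorted (original_path, has_backup) pairs for every locked file.

    original_path is relative to scan_root, with '/' separators.
    Assumption: the backup mirrors scan_root's relative directory layout.
    """
    results = []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue  # untouched file
            original = name[: -len(LOCKED_SUFFIX)]
            if not original:
                continue  # a file named exactly ".novasof" has no original name
            rel = os.path.relpath(os.path.join(dirpath, original), scan_root)
            has_backup = os.path.isfile(os.path.join(backup_root, rel))
            results.append((rel.replace(os.sep, "/"), has_backup))
    return sorted(results)


def build_demo():
    """Create a constructed sample tree; returns (scan_root, backup_root)."""
    root = tempfile.mkdtemp(prefix="novasof_demo_")
    scan, backup = os.path.join(root, "home"), os.path.join(root, "backup")
    sample = [
        (scan, "docs/report.docx.novasof"),   # locked, backup exists
        (scan, "photos/trip.jpg.novasof"),    # locked, no backup
        (scan, "docs/notes.txt"),             # not locked
        (backup, "docs/report.docx"),         # clean copy in the backup
    ]
    for base, rel in sample:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
    return scan, backup


if __name__ == "__main__":
    scan_root, backup_root = build_demo()
    for original, has_backup in triage(scan_root, backup_root):
        status = "restore from backup" if has_backup else "no clean copy found"
        print(f"{original}: {status}")
```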

The Novasof Ransomware is a not-unexpected tick on the long list of updates to the STOP Ransomware. A Ransomware-as-a-Service, classically, will not run out of steam until its victims run out of ransom money.
