TotalSystemSecurity.com


How to Remove NM4 Ransomware and restore .NM4 encrypted files

NM4 Ransomware Threat in Detail

NM4 is a newly detected ransomware threat that encrypts most of the files on the attacked PC. It infiltrates through spam mail attachments, infected links and fake ads injected into malicious webpages. NM4 demands a huge ransom of 3 BTC, or roughly $3900, to be paid in Bitcoin as the decryption fee. This ransomware is able to delete the shadow volume copies of the encrypted files, and it appends the .NM4 extension to the files it encrypts. NM4 Ransomware leaves a ransom note that instructs the user on how to pay the ransom through a website on the TOR network.

Cyber experts always recommend keeping a backup of all important files and never paying a ransom to such criminals, as there is no guarantee that they will give your files back. Instead, use a powerful removal tool to remove NM4 ransomware from the PC and try recovering files with a data recovery tool.

Technical Details

Name: NM4 Ransomware
Type: Ransomware
Description: NM4 Ransomware encrypts files, videos, images and texts stored on the target PC and demands a ransom from users to decode the files.
Occurrence: Spam mail attachments, exploit kits, malicious links and JavaScript code.
Possible Symptoms: The ransom note appears on the desktop and in other file directories, and files cannot be accessed.
Detection Tool: Download the detection tool to confirm an NM4 Ransomware attack on your computer.

Distribution Method

NM4 Ransomware is distributed via spam email attachments, which may be RAR or ZIP archives or un-archived DOCX files that contain the payload of the virus. Other sources include infected websites containing JavaScript code, file sharing on an infected network, freeware distribution, exploit kits and spam bots.

Users are advised to be careful when downloading or clicking on any suspicious link. It may appear to be a useful or attractive program, or an ad that can save you money, but could actually download the malicious payload onto the computer and silently execute it.

More about NM4 Ransomware

After installation, NM4 Ransomware may drop malicious payloads and add entries to the Windows registry so that its program launches automatically as soon as the user starts the machine.

→HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

NM4 Ransomware uses the AES-256 and RSA-2048 encryption algorithms to encrypt files such as documents, PDFs, photos, music, videos, databases, etc. After encrypting the files, the ransomware changes the desktop wallpaper to the ransom note, “Recovers your files.html”.

Along with that, NM4 Ransomware also leaves a ransom note detailing how to contact the attackers and decrypt files.

The ransom note says:

Your Key: [redacted] Encrypted files!
All your files are encrypted.Using AES256-bit encryption and RSA-2048-bit encryption.
Making it impossible to recover files without the correct private key.
If you are interested in getting is the key and recover your files
You should proceed with the following steps.

The only way to decrypt your files safely is to buy the Descrypt and Private Key software.
Any attempts to restore your files with the third-party software will be fatal for your files!
To proceed with the purchase you must access one of the link below

https://3fprihycwetwk2m7.onion.to/
https://3fprihycwetwk2m7.onion.link/

If neither of the links is online for a long period of time, there is another way to open it, you should install the Tor Browser

If your personal page is not available for a long period there is another way to open your personal page – installation and use of Tor Browser:

1. run your Internet browser (if you do not know what it is run the Internet Explorer);
2. enter or copy the address https://www.torproject.org/download/download-easy.html.en into the address bar of your browser and press ENTER;
3. wait for the site loading;
4. on the site you will be offered to download Tor Browser; download and run it, follow the installation instructions, wait until the installation is completed;
5. run Tor Browser;
6. connect with the button ‘Connect’ (if you use the English version);
7. a normal Internet browser window will be opened after the initialization;
8. type or copy the address https://3fprihycwetwk2m7.onion in this browser address bar;
9. press ENTER;
10. the site should be loaded; if for some reason the site is not loading wait for a moment and try again.
If you have any problems during installation or use of Tor Browser, please, visit https://www.youtube.com and type request in the search bar ‘Install Tor Browser Windows’ and you will find a lot of training videos about Tor Browser installation and use.

Your Key: [redacted]

 

NM4 Ransomware uses the following TOR addresses as the payment gateway for the victim.

  • https://3fprihycwetwk2m7.onion
  • https://3fprihycwetwk2m7.onion.link
  • https://3fprihycwetwk2m7.onion.to

After successfully connecting to the network, victims are redirected to a login page and asked to provide their ID; this is how they are led to the payment page.

The .NM4 file virus deletes the shadow volume copies of the encrypted files so that users are left with only the option to pay.

→vssadmin.exe delete shadows /all /Quiet
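
The behaviours described above (the Run key entry, the shadow-copy deletion command, files gaining the .NM4 extension and the “Recovers your files.html” note) can be combined into one triage rule over endpoint telemetry. This is an added example, not part of the original article; the (host, kind, detail) event format, the host names and the three-file threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

SHADOW_DELETE = re.compile(r'\bvssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
NOTE_NAME = "recovers your files.html"  # ransom note name given on this page

# Constructed sample telemetry (host, event kind, detail); not from a real incident.
SAMPLE_EVENTS = [
    ("WS-01", "reg", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    ("WS-01", "proc", r'cmd.exe /c "VSSADMIN.EXE Delete Shadows /All /Quiet"'),
    ("WS-01", "file", r"C:\Users\a\Documents\budget.xlsx.NM4"),
    ("WS-01", "file", r"C:\Users\a\Documents\plan.docx.NM4"),
    ("WS-01", "file", r"C:\Users\a\Pictures\cat.jpg.NM4"),
    ("WS-01", "file", r"C:\Users\a\Desktop\Recovers your files.html"),
    ("WS-02", "reg", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
    ("WS-02", "proc", "vssadmin list shadows"),
    ("WS-02", "file", r"C:\Users\b\Downloads\notes.NM4"),
]

def classify(kind, detail):
    """Map one event to an indicator described on this page, or None."""
    if kind == "proc" and SHADOW_DELETE.search(detail):
        return "shadow_copy_deletion"
    if kind == "reg" and RUN_KEY.search(detail):
        return "run_key_autostart"
    if kind == "file":
        name = detail.rsplit("\\", 1)[-1].lower()
        if name == NOTE_NAME:
            return "ransom_note_dropped"
        if name.endswith(".nm4"):
            return "nm4_file_written"
    return None

def triage(events, min_files=3):
    """Return {host: sorted indicators} for hosts with at least one strong signal."""
    seen = defaultdict(lambda: defaultdict(int))
    for host, kind, detail in events:
        indicator = classify(kind, detail)
        if indicator:
            seen[host][indicator] += 1
    alerts = {}
    for host, counts in seen.items():
        strong = {i for i in ("shadow_copy_deletion", "ransom_note_dropped") if i in counts}
        if counts["nm4_file_written"] >= min_files:  # a lone .NM4 file is not enough
            strong.add("nm4_file_written")
        if strong:  # Run-key writes are common in benign software: context only
            alerts[host] = sorted(strong | (counts.keys() & {"run_key_autostart"}))
    return alerts
```

Calling `triage(SAMPLE_EVENTS)` alerts on WS-01 only; WS-02 has a Run-key write, a harmless `vssadmin list shadows` and a single .NM4 file, none of which is enough by itself.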

List of file extensions encrypted

→ .3dm, .3ds, .3g2, .3gp, .7z, .accdb, .aes, .ai, .aif, .apk, .app, .arc, .asc, .asf, .asm, .asp, .aspx, .asx, .avi, .bmp, .brd, .bz2, .c, .cer, .cfg, .cfm, .cgi, .cgm, .class, .cmd, .cpp, .crt, .cs, .csr, .css, .csv, .cue, .db, .dbf, .dch, .dcu, .dds, .dif, .dip, .djv, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dtd, .dwg, .dxf, .eml, .eps, .fdb, .fla, .flv, .frm, .gadget, .gbk, .gbr, .ged, .gif, .gpg, .gpx, .gz, .h, .htm, .html, .hwp, .ibd, .ibooks, .iff, .indd, .jar, .java, .jks, .jpg, .js, .jsp, .key, .kml, .kmz, .lay, .lay6, .ldf, .lua, .m, .m3u, .m4a, .m4v, .max, .mdb, .mdf, .mfd, .mid, .mkv, .mml, .mov, .mp3, .mp4, .mpa, .mpg, .ms11, .msi, .myd, .myi, .nef, .note, .obj, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .pages, .paq, .pas, .pct, .pdb, .pdf, .pem, .php, .pif, .pl, .plugin, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .priv, .privat, .ps, .psd, .pspimage, .py, .qcow2, .ra, .rar, .raw, .rm, .rss, .rtf, .sch, .sdf, .sh, .sitx, .sldx, .slk, .sln, .sql, .sqlite, .sqlite, .srt, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tex, .tga, .tgz, .thm, .tif, .tiff, .tlb, .tmp, .txt, .uop, .uot, .vb, .vbs, .vcf, .vcxpro, .vdi, .vmdk, .vmx, .vob, .wav, .wks, .wma, .wmv, .wpd, .wps, .wsf, .xcodeproj, .xhtml, .xlc, .xlm, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .yuv, .zip, .zipx, .dat

If you are a victim of “NM4 Ransomware”, we strongly suggest that you do not pay any ransom to the illegitimate persons behind it, because even after payment they are not going to give your files back. Instead, opt for a removal solution for NM4 Ransomware and try to recover files with an automatic data recovery tool or from a backup copy if you have one.

TotalSystemSecurity © 2015-2017