NMoreira Ransomware

We want to inform you about a new computer infection detected. It is called NMoreira Ransomware, and it seems to be a new product developed by a group of cyber criminals called the XRatTeam. Unlike other popular ransomware infections that have been released recently, it targets people whose place of residence is Portugal. It was not hard to find that because all files it leaves on the computer are in Portuguese. Of course, it can still enter your computer no matter where you live. It will become clear that this computer infection is inside the system when you find a bunch of encrypted files. To be more specific, all the files located in %USERPROFILE%, %ALLUSERSPROFILE% directories and their subfolders will be locked. Ransomware infections do not perform the encryption process just to make users angry. Ransomware infections find and then encrypt files to extort money from users. Do not be one of these users who send money to cyber criminals because there are no guarantees that you will receive the special key to unlock your personal files after doing that.

No matter you live in Portugal or another country, you must delete NMoreira Ransomware from your computer as soon as possible. Unfortunately, the deletion of this threat will not be a simple process because it creates two new registry keys: HKLM\SOFTWARE\Classes\.maktub and HKCR\.maktub. Apart from these changes in the system registry, it also creates a .txt file (Recupere seus arquivos. Leia-me!.txt) on Desktop. We want to make it clear that the deletion of a ransomware infection does not mean that all your files will be immediately unlocked; however, it is still a must to get rid of its all components in order not to allow it to strike again.

As you already know, the main goal of NMoreira Ransomware is to encrypt users’ files by appending the extension .maktub and then demand a ransom. To be frank, users are not told that they will have to pay money for the decryption key immediately. They do not find any information about that if they open a .txt file created on their Desktops too. According to specialists, users receive instructions explaining how to decrypt files only when they send an email to contatomaktub@email.tg with the public key listed in the .txt ransom note. Do not do that if you are not going to pay a certain amount of money required by specialists. Instead, you should go to delete the ransomware infection from your PC and then use alternative methods to recover files. For instance, users can recover the personal data if they have copies of their main files stored on a USB flash drive or another external device. Those who have not made backups of their files before the entrance of the ransomware infection should try all data recovery tools available on the web. You might be able to find a tool that could help you to recover, at least, some files without paying money to cyber criminals.

According to specialists at pcthreat.com, it is not easy to say how this ransomware infection usually enters computers; however, it is evident that this threat sneaks onto computers illegally and then immediately starts encrypting files stored on the computer. According to specialists, the majority of ransomware infections enter computers when users download attachments they find in spam emails, so if you have done that recently too, it means that you have allowed a malicious application to enter the system yourself. A new malicious application encrypting files might enter the computer again in the future. We are sure that you do not want to lose your files again, so we suggest installing an automatic malware remover right after the deletion of NMoreira Ransomware.

As you already know, NMoreira Ransomware has been developed to obtain money from users. Of course, you should not give what cyber criminals want even if the personal data is not going to be unlocked. What users should do instead is to delete NMoreira Ransomware fully from their computers. Instructions provided below will help users who are going to delete this threat manually. If you find this removal method too complicated, scan your system with an automatic malware remover, e.g. SpyHunter. It can be downloaded from our website by clicking on the Download button (it is located below the manual removal guide).

Delete NMoreira Ransomware

1. Win+R.
2. Type regedit.exe. Click OK.
3. Right-click on the registry key HKCR\.maktub and select Delete.
4. Right-click on HKLM\SOFTWARE\Classes\.maktub and then delete it.
5. Locate and delete the malicious file you have launched.
6. Remove the Recupere seus arquivos. Leia-me!.txt file from Desktop.