Null Ransomware

Null Ransomware is a malicious computer infection that was designed to encrypt all of your important pictures and documents. It uses the Advanced Encryption Standard (AES) to do that which ensures a strong encryption. Its creators want you to pay a ransom if you want to get your files back. However, there is no guarantee that the developers will hold their end of the bargain and send you the decryption key. In any case, you have to remove it if you want to protect your files from them being encrypted again. Therefore, this article is dedicated to the safe removal of this infection. In it, we will discuss how this ransomware works, how it distributed, and the options you have to get rid of it.

Our research has revealed that Null Ransomware is most likely distributed via email spam. Unconfirmed reports claim that this ransomware is sent from a dedicated email server to random email addresses. The emails have the main executable of this ransomware added as a file attachment. The attached file may look like a PDF document. The emails can be made to look like invoices, receipts, tax return forms, and so on. They aim to convince you to open the attached file that, once run, will drop the primary executable file in %APPDATA%. The name of that executable is random, so identifying it manually can be tricky.

Once on your PC, Null Ransomware will start encrypting your files immediately. It uses the AES-256 to encrypt your files. This algorithm ensures a strong encryption that cannot be cracked easily. Currently, there is no free decryption tool to help you get your files back for free. This ransomware generates pubic encryption and private decryption keys. The decryption key is sent to its server and stored.

Once the encryption is complete, Null Ransomware will open its user interface window. The interface window has a black background and features several tabs that include What happened to my PC, Encrypted files, How do I recover my files, How do I send Bitcoins?, What is AES 256. The price asked for a decryption key is 0.00234275 BTC which is an approximate 10 US dollars. The sum to be paid is not large, but there is no guarantee that the cyber criminals will keep their word and send you the decryption key once you have paid.

Before you can delete this ransomware, you have to terminate its running process. You have to go to Task Manager, go to the Processes tab and locate a process called "strix." However, the process can have an entirely different name. Once you have identified the ransomware, right-click the process and click End Task, and then you can go to the location of the file and delete it.

In closing, Null Ransomware is a highly malicious application that can enter your PC by stealth through malicious emails. Once on your PC, it will encrypt your documents and pictures and demand that you pay 10 USD dollars in Bitcoins. However, you might not get the decryption key once you have paid. In any case, you ought to remove this ransomware either by getting an anti-malware program such as SpyHunter or using the guide located below this article.

Manual removal guide

1. Hold down Ctrl+Shift+Esc keys.
2. Click the Processes tab.
3. Find a process called “strix” (the name can be random, however)
4. Right-click it and click End process.
5. Close the Task Manager.
6. Hold down Windows+E keys.
7. Type %APPDATA% in the address box.
8. Hit Enter.
9. Locate the executable of this ransomware.
10. Right-click it and click Delete.
11. Empty the Recycle Bin.