NSB Ransomware

NSB Ransomware, also known as National Security Bureau Ransomware, is a new variant of a well-known infection, Virlock Ransomware. This devious infection is a file-encryptor, and it can corrupt all kinds of personal files on the affected computer. Unfortunately, when files are encrypted, there is nothing that can be done to restore them. Although it is equally as damaging as Lanran Ransomware, Desu Ransomware, Locky Locker Ransomware, and similar threats, it is not as transparent. While these threats do not hide the fact that they corrupt files for the sole purpose of monetary gain, the creator of malware we are discussing in this report is hiding behind the credentials of the National Security Bureau, FBI, and other well-known US law enforcement agencies. This is done with the hope of tricking more users into giving up their money. The first thing we have to warn you about is that your files are unlikely to be decrypted if you pay the ransom. Unfortunately, you cannot decrypt them by removing NSB Ransomware either. Nonetheless, deleting this malicious infection is extremely important, and we discuss that in the report.

Spam emails are likely to be used for the distribution of NSB Ransomware, and so if this malware has not invaded your operating system yet, we suggest being extra careful about the emails you open and interact with. If the infection is executed, it immediately encrypts files, and it is most likely to go after documents, photos, archives, and other personal files. After encryption, the “.exe” extension is added to all of them. You cannot restore your files by deleting this appended extension. Besides encrypting files, the malicious NSB Ransomware also locks the screen to introduce you to the ransom demands. If that was not enough, it also disables access to RUN, Task Manager, and the Start menu, which means that you cannot manually disable the screen-locker and initiate the removal. Of course, that does not mean that your operating system is locked up permanently. Our research team can offer you instructions that show how to reboot your system and remove the malicious infection even if the screen is locked. Unfortunately, as mentioned before, the infection displays a ransom note suggesting that the National Security Bureau is behind the lockdown, and that is why some users might not even realize that they are dealing with malware.

The window launched by NSB Ransomware displays emblems of various US law enforcement agencies and a misleading message. According to it, you have to pay the fine of $250 to avoid jail time and a bigger penalty. It is stated that the fine is issued due to illegal activity, but that is just a scare-tactic to make you believe that the message cannot be ignored. Of course, legitimate law enforcers would never lock screens and ask to pay fines using crypto-currency. That is exactly what victims are asked to do. It is suggested that the “fine” must be paid in Bitcoins to a Bitcoin wallet, and this is a huge red flag. If you do not realize that you are dealing with schemers the moment your screen is locked, you should realize it as soon as you read the ridiculous demands. As discussed previously, paying the ransom is not a good idea at all. Whether or not you pay it, it is unlikely that you would be able to restore your files. You can calm down only if your files are backed up. Otherwise, it looks like you might have experienced a complete loss of your personal files.

If you follow the instructions below, you should be able to delete NSB Ransomware from your operating system manually. Of course, it all depends on your ability to erase the launcher file, which could be located anywhere, and its name is unknown. First, you need to reboot your operating system to circumvent the lock-down initiated by the ransomware itself. If you are determined to remove NSB Ransomware manually, reboot to Safe Mode. If you wish to install anti-malware software – which is what we recommend – you want to reboot to Safe Mode with Networking. Whichever path you take, you need to make sure that your operating system is cleared from malware. Next, you need to ensure that the system is protected reliably and that your personal files are backed up. We suggest using external drives or online cloud storage.

NSB Ransomware Removal

1. Reboot system to Safe Mode or Safe Mode with Networking (see instructions below).
2. Find and Delete the {random}.exe file that launched the malicious ransomware.
3. Launch Windows Explorer (tap Win+E keys).
4. Click Organize and select Folder and search options (Windows 7) or click View and then Options (Windows 10 and Windows 8).
5. Click View and then select Show hidden files, folders, and drives.
6. Click Apply and then OK.
7. Enter %ALLUSERSPROFILE% into the bar at the top.
8. Delete 2 {random} folders containing 2 {random}.exe files that belong to the ransomware.
9. Enter %USERPROFILE% into the bar at the top.
10. Delete the {random} folder that contains the malicious {random}.exe file.
11. Exit Explorer and then launch RUN (tap Win+R keys).
12. Enter regedit.exe into the dialog field and click OK to launch Registry Editor.
13. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
14. Delete the {random}.exe value that points to %USERPROFILE%\{random}\{random}.exe.
15. Navigate to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
16. Delete the {random}.exe value that points to %ALLUSERSPROFILE%\{random}\{random}.exe.
17. Empty Recycle Bin and then run a full system scan using a reliable malware scanner.

How to reboot Windows

Windows 10/Windows 8

1. Restart the computer.
2. As soon as BIOS loads, start tapping F8 on the keyboard to access the boot menu. If you cannot access it, force-restart the computer three times).
3. Click See advanced repair options.
4. Move to Troubleshoot and then to Advanced options.
5. Select Startup Settings and then click Restart.
6. Select Safe Mode or Safe Mode with Networking.
7. Wait for the system to reboot.

Windows 7/Windows Vista/Windows XP

1. Restart the computer.
2. As soon as BIOS loads, start tapping F8 on the keyboard to access the boot menu.
3. Select Safe Mode or Safe Mode with Networking.
4. Wait for the system to reboot.