Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

National Security Bureau Ransomware

National Security Bureau Ransomware is a based on VirLock Ransomware, an old malicious application that would lock users screen and then ask for a ransom to unlock it. These infections are still quite popular, although we encounter them less often than ransomware applications that only encrypt user’s files and do not lock the screen. In any case, if you did come across it, we advise you to keep reading this article to learn more about this malware. Needless to say, we do not recommend putting up with any demands as there is a way to unlock the screen and get rid of National Security Bureau Ransomware. As for encrypted files, there is not knowing if the hackers will keep up to their promises and so paying the ransom could be a huge waste of your money. The instructions located at the end of this article will explain how to remove this annoying infection manually and get full control of your computer again. Of course, if you still have any questions after reading our report, you could leave a comment at the end of this page.

The malware can get in through Spam emails, pirated software installers, or other untrustworthy data downloaded from the Internet. It means in order to protect the computer against threats like National Security Bureau Ransomware users should take some extra precautions. For instance, it would be smart to stay away from torrent and other doubtful file-sharing web pages as well as watch out for Spam emails and messages from senders you are not familiar with. Another thing we could suggest is scanning all unreliable files received from questionable sources with a legitimate antimalware tool. Unlike when opening the infected file right away; examining it would give an opportunity to learn whether it has any malicious components without endangering the system.

After National Security Bureau Ransomware’s launch, it should create folders on the %ALLUSERSPROFILE% and %USERPROFILE% directories. The folders’ name is supposed to be completely random, same as the names of the malicious executable files placed inside of them (e.g., %ALLUSERSPROFILE%\dqcMAIgw\gsQoAIAM.exe). To make the computer run the malicious application automatically with each restart, it should also create two Registry entries in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run directories. However, we should mention the malware’s created data might be invisible unless the user enables the Show hidden files, folders and drives option.

Furthermore, after settling in National Security Bureau Ransomware should encrypt user’s files and mark them with .exe extension (e.g., picture.jpg.exe, text.doc.exe, and so on.). Soon after the encryption process is completed, the malicious application should lock the user’s screen and kill some of the system’s operations to prevent the user from unlocking the screen. On top of it, victims are supposed to see a message or a ransom note stating “Willful copyright infringement is a federal crime that carries penalties of up to five years in federal prison, a $250,000 fine, forfeiture and restitution.”

Moreover, after scaring the user, the described message should continue to explain being a first-time offender the user has to pay only $250. Apparently, the payment can be made online by transferring a specific amount of Bitcoins to the provided wallet address. Also, the National Security Bureau Ransomware’s note suggests the user could pay the fine at the local courthouse, but this way the computer and the files on it would be unlocked only after 4 or 5 working days. The text might sound rather convincing for inexperienced users, but surely the grammar mistakes and the suggestion to pay in Bitcoin should raise suspicion. No doubt, users who have more knowledge about such threats should realize they are dealing with a file-encrypting screen locker.

Users who do not want to fund cybercriminals or risk losing their money in vain we would advise removing National Security Bureau Ransomware at once. There are no guarantees the files will be decrypted, and for unlocking the screen, there are other ways to do so. Thus, if you do not plan on paying any ransoms, we encourage you to follow the instructions located below as they will explain how to unlock the screen and delete the malware manually. Afterward, it might be wise to scan the system with a reliable antimalware tool too just to see if the malicious application is gone and if there are no other potential threats.

Restart the computer in Safe Mode

Windows 8/Windows 10

  1. Tap Win+I for Windows 8 or open Start menu for Windows 10.
  2. Press the Power button.
  3. Click and hold Shift then click Restart.
  4. Pick Troubleshoot and choose Advanced Options.
  5. Go to Startup Settings and click Restart.
  6. Press F5 and restart the PC.

Windows XP/Windows Vista/Windows 7

  1. Navigate to Start, select Shutdown options and pick Restart.
  2. Press and hold F8 when the PC starts restarting.
  3. Mark Safe Mode with Networking.
  4. Select Enter and log on.

Enable Show Hidden Files and Folders

Windows 8 & 10

  1. Press Win+E.
  2. Select the View tab (top-left corner).
  3. Click on Options (top-right corner).
  4. Select change folder and search options.
  5. Click on the View tab and pick Show hidden files, folders and drives.
  6. Click OK.

Windows 7 & Vista

  1. Go to Start and launch Control Panel.
  2. Choose Appearance and Personalization.
  3. Open Folder Options and pick the View tab.
  4. Click Show hidden files, folders and drives.
  5. Select OK.

Windows XP

  1. Navigate to Start and open Control Panel.
  2. Pick Appearance and Themes.
  3. Select Folder options and choose the View tab.
  4. Find and mark Show hidden files and folders.
  5. Click OK.

Remove National Security Bureau Ransomware

  1. Press Win+E.
  2. Navigate to %ALLUSERSPROFILE%
  3. Find two randomly titled folders (e.g., cQkcgwQg) containing randomly named executable files (e.g., qEoYgUIU.exe), right click these folders and press Delete.
  4. Go to %USERPROFILE% and find another randomly titled folder, then right-click it and select Delete.
  5. Close File Explorer.
  6. Find these locations:
  7. Look for value names with random titles, right-click them and press delete.
  8. Close Registry Editor.
  9. Empty Recycle bin.
  10. Restart the computer.
Download Spyware Removal Tool to Remove* National Security Bureau Ransomware
  • Quick & tested solution for National Security Bureau Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.