Nuksus Ransomware

Nuksus Ransomware appears to be yet another malicious file-encrypting application from the so-called STOP Ransomware family. Our researchers report that it is a bit different from other threats from the mentioned family. It only encrypts personal files available on a computer and does not leave any ransom note. No ransom note means that the malware’s victims cannot contact its developers or pay a ransom. Oddly, the hackers do not demand anything. The other malicious applications from STOP Ransomware family that we encountered so far were created for money extortion. Therefore, it is possible that the threat could be still in development. One way or the other, if you received this malware and did not see any ransom note, you have nothing left to do but to delete Nuksus Ransomware and look for backup copies or other ways to restore your files. To learn how to eliminate the threat manually, you should check the instructions below. Also, we recommend reading the rest of this article to find out more about the malware.

The malware is capable of encrypting files as it enciphers pictures, documents, and other personal victims’ files. Such data gets locked with a robust encryption algorithm and, as a result, it cannot be accessed afterward, unless a user has a unique decryption key and a decryption tool created by the malicious application’s developers. The only files we believe Nuksus Ransomware should not encrypt are the ones belonging to an infected computer’s operating system. Usually, cybercriminals avoid doing so because it might be more difficult to display a ransom note or for a user to pay a ransom. Of course, this case is a bit different since the threat does not show any ransom note. Meaning, when the malware finishes encrypting targeted files, the only difference that a user ought to see is the .nuksus extension, which should be added to each encrypted record. For example, a wallpaper called sunset.jpg ought to turn into sunset.jpg.nuksus after it gets enciphered.

As explained earlier, files can only be unlocked with the right decryption tools. Usually, such tools are exclusively available to ransomware developers, although in some cases IT specialists manage to create free decryption tools. In fact, there was a free decryption tool that worked for STOP Ransomware, and most of the other threats form this family. Sadly, reports say that new STOP Ransomware malicious applications use a bit different encryption methods and so the old decryption tool cannot decrypt their affected files. Nuksus Ransomware is also one of the latest additions to this ransomware family, which is why the IT specialists’ created decryption tool should not work on its enciphered files either. Nevertheless, decrypting data is not the only way to get it back. If you backed your data and have it on cloud storage or removable media devices, you could replace enciphered files with such copies. Also, there is always hope someone might succeed in creating a new decryption tool, so you could keep encrypted data just for a while if it is irreplaceable to you.

Truth to be told, we are not sure if Nuksus Ransomware is being spread yet. The fact it does not display a ransom note signals the malware could be still in development. Even if it is, we believe it is essential to know how such a threat could be distributed so you would know how to avoid it. Cybercriminals often pick Spam emails as a way to reach their targeted victims. They may send their victims' infected attachments or links that could launch the malicious application if a user opens them. Malicious emails may contain messages meant to intrigue victims or to scare them. For example, the email could appear to be from some well-known company, and it might ask to open an important document related to your latest purchase, or it could ask to open a link to claim a prize, change your password, etc.

In other words, reading messages carrying malware or potentially dangerous content might make you feel as if you have to take immediate action. Naturally, it is best to take a moment and scrutinize such emails before doing what their senders ask you to do. For extra safety, we recommend scanning all questionable email attachments or other files with a reputable antimalware tool. If you have opened a file carrying Nuksus Ransomware, we recommend finding it and erasing it so you would not launch it accidentally ever again. This you can do manually if you follow the instructions available below or you could employ a reliable antimalware tool that could remove Nuksus Ransomware for you.

Erase Nuksus Ransomware

1. Click Ctrl+Alt+Delete.
2. Choose Task Manager and select Processes.
3. Find a process belonging to the threat.
4. Mark it and click End Task.
5. Exit Task Manager.
6. Click Win+E.
7. Find these paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
8. Locate the malicious application’s launcher (some suspicious file downloaded before the infection appeared).
9. Right-click it and select Delete.
10. Exit File Explorer.
11. Empty Recycle Bin.
12. Restart the computer.