Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Nols Ransomware

If you want to protect your personal files, you need to make sure that Nols Ransomware – or any of its clones – does not enter your operating system. Unfortunately, the attackers behind this malware do not need to work hard to help it slither in. It appears that, in most cases, these attackers create misleading email messages and trick the recipients into executing the infection themselves. So, if you have recently received an out-of-the-ordinary message containing an attachment, there is a good chance that you have been exposed to a malware executable. Other methods of proliferation could be used too, and so it is not enough to delete every strange message that you find in the inbox. All in all, regardless of how the malicious threat slithers in, it attacks your operating system in the same way. If you do not remove Nols Ransomware right away, this malware encrypts all personal files. These might include documents, photos, media files, etc. After encryption, you should find the “.nols” extension appended to them all.

We mentioned that Nols Ransomware has clones, and that is because it was created using the same code as Noos Ransomware, Reco Ransomware, Boot Ransomware, and other infections from the STOP Ransomware family. It is believed that the same attacker, or group of attackers, is responsible for all of these malicious infections. Before Nols Ransomware reveals itself, it opens a fake Windows update window, and it also disables the Task Manager to ensure that victims cannot detect and terminate malicious processes before all files are encrypted. After that, it drops a file named “_readme.txt,” and if you open it, you can find a message from cybercriminals. According to them, all files were encrypted, but can be restored. The attackers want you to believe that you can purchase a decryption tool, which costs $490, if paid within the first 72 hours. Needless to say, that is a lot of money, especially considering that it is impossible to know what cybercriminals would do if you complied with their demands. These demands include emailing them (to gorentos@bitmessage.ch or amundas@firemail.cc) and then paying the ransom.

Unfortunately, communicating with cybercriminals can be extremely dangerous. They want you to contact them so that they could explain how to pay the ransom, but if you think that they would not try to contact you afterward, you are naive. Maybe they would not do that using the same email account, and maybe they would not do that themselves, but if you expose yourself, there is a good chance that new misleading emails could be sent to you in the future. Remember that Nols Ransomware itself can be spread via emails and that there are thousands of other infections that could be introduced to you in the same manner. If you feel helpless, you might decide to comply with the attackers’ demands even if you understand that the chances of you recovering your files are slim to none. Of course, we do not advise taking such an action. We hope that you have backups that could replace the corrupted files. What about third-party decryptors? In many cases, files corrupted by the infections from the STOP Ransomware family can be restored for free using STOP Decrypter, but, at the time of research, Nols Ransomware was not yet decryptable.

The instructions you can see below are meant to make the manual removal of Nols Ransomware easier. Of course, since the launcher of the infection could be anywhere, we cannot guarantee that you will be able to identify and delete all malicious components successfully. What should you do if you fail to delete Nols Ransomware from your operating system? In that case – and even if you can perform manual removal – we advise employing anti-malware software. That is our recommendation because this software can automatically erase malicious threats and also secure the operating system against them in the future. Needless to say, you also need to backup your personal files in the future. If you have backups right now, you do not need to worry about restoring or replacing them, and that is the best insurance you can have. If you want to ask us questions about the malicious threat or its removal, add them to the comments section.

Nols Ransomware Removal

  1. Delete the [unknown name].exe launcher file (location is random).
  2. Access the Windows Explorer, which you can do by tapping Win+E keys.
  3. Type %HOMEDRIVE% into the field at the top and then tap the Enter key
  4. Delete the folder named SystemID and the key named _readme.txt.
  5. Type %LOCALAPPDATA% into the field at the top and then tap the Enter key.
  6. Delete the [random name] folder that has ransomware files inside.
  7. To complete the removal, Empty Recycle Bin.
  8. Install a trusted malware scanner and use it to examine your system for leftovers.
Download Spyware Removal Tool to Remove* Nols Ransomware
  • Quick & tested solution for Nols Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.