.nusm ransomware

Status
Not open for further replies.

Hyperium

New Member
Thread author
May 23, 2021
8
hi guys. my pc has been infected with the virus .nusm today. can anyone please help me with this? i have class tomorrow and i really need my files. some websites say that it is a new variant. thanks.

ps. i cannot upload it
 
Last edited:
  • Like
Reactions: Nevi

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello Hyperium.

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

The file extension .nusm has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt files.

Please upload an encrypted file and a ransom note to id-ransomware to confirm that it is indeed STOP/DVJU ransomware. Tell me the result.
 

Hyperium

New Member
Thread author
May 23, 2021
8
Hello Hyperium.

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

The file extension .nusm has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt files.

Please upload an encrypted file and a ransom note to id-ransomware to confirm that it is indeed STOP/DVJU ransomware. Tell me the result.
Hi Karsten

Thank you for responding to my query. Here is a screenshot of the result.
 

Attachments

  • Capture.JPG
    Capture.JPG
    51.2 KB · Views: 9

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Can you please tell me if your personal ID, which you find in the ransom note, starts with "t1"?
 

Hyperium

New Member
Thread author
May 23, 2021
8
it does not start with t1. Also, my files are encrypted with the .nusm extension. How can i retrieve my files? even if i remove the extension it still doesnt open
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Unfortunately your files are encrypted with an online key and cannot be decrypted without the key of the criminals.
Your options without a backup:

1) Recovery: In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will loose some data.
3) Wait: Backup encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

Let me know if you want assistance for 1) or 2)
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Are you still with me? I will close this topic after 3 days.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top