A new ransomware was discovered recently by MalwareBytes Security Analyst S!Ri called Nuke.
The Nuke ransomware renames victim's files randomly and adds the extension ".0x5bm". For example, "picture.jpg" would become "efaf+aEa00acBEba.0x5bm". The original filename is embedded at the end of the encrypted file. The ransom note left is "!!_RECOVERY_instructions_!!.html" and "!!_RECOVERY_instructions_!!.txt" with the following contents.
!! Your files and documents on this computer have been encrypted !! ** What has happened to my files? ** Your important files on your computer; photos, documents, and videos have been encrypted. Your files were encrypted using AES and RSA encryption. ** What does this mean? ** File encryption was produced using a unique 256-bit key generated specifically for this machine. Encryption is a way of securing data and requires a special key to decipher. Unforunate for you, this special key was encrypted using an additional layer of encryption; RSA. Your files were encrypted using the public RSA key. To truly reverse the unfortunate state of your files, you need the private RSA key which is only known by us. ** What should I do next? ** For your information your private key is a paid product. If you really value your data we suggest you start acting fast because you only short amount of time to recover your files before they are gone forever. There are no solutions to this problem, and no anti-virus software can reverse the process of file encryption because we have also erased recent versions of your files which means you cannot use file recovery software. Modifying your files in any way can damage your files permenantly and we will no longer be able to help you. Follow our terms assigned to you below, and we will have your files recovered. ** Recovering your files ** - Send an email with the subject 'FILE RECOVERY' to email@example.com - For a free test decrypt, send one small file which will decrypt free - Wait for a response from us (up to 24-48 hours) - We will send you further information regarding payment and full file decryption of your computer - Receive file decryption software to decrypt every encrypted file on the hard drive
The following image is left as the victim's background.
If you have been hit by this ransomware, I do not recommend paying the ransom at this time. ;)