What is NLAH?
NLAH ransomware is a new malicious software launched one or two weeks ago attacking primarily window users. It is a member of a STOP Djvu ransomware family and was first discovered by Michael Gillispie as reported by him on twitter on 2nd June 2020. It can enter your PC through malicious ads, email attachments and torrent sites. Systems infected with this virus get all their data files encrypted in a way that all files get modified with a .nlah extension and slowly within a span of a day or two, file type is altered to NLAH. After the virus has penetrated all your files, a “_readme.txt” file is created asking for big ransom amount for decrypting the data. It says that all your data files are secure and will be returned to you iff the asked amount (varying from 490$ to its double) is paid as ransom in bitcoins at given account details. Also this virus attempts to prevent users from contacting with cyber-security websites by creating a fake window update. To aggravate the issue, password-stealing trojans get installed in your PC automatically. It has the ability to encrypt the files on all the drives strapped with your PC such as internal hard drives, USB disks, network storages, etc.
No antivirus has been prepared for it till now, much likely as coronavirus vaccine. Once your files have got encrypted, they can’t be decrypted unless a ransom is paid to the attackers. However, there are solutions available to get rid of the virus from your PC so that newly installed files can be saved from infections. In case encryption has been carried out using an offline ID, there is probably a chance that any of available decrypters might help you. It is a cryptographic key that is used by the virus when it is not in connection with its commands server. However in the event of encryption carried out using an online ID, it is almost impossible to retrieve the data without the payment of ransom as of now.
Remove NLAH virus from your PC
The strategies to remove the virus from the system are detailed below.
Step 1: Download and install Malwarebytes Free
It runs alongside antivirus software without conflicts. For complete removal of virus, scan your computer with this software in safe mode and quarantine the malicious entries detected by the software and lastly completely delete them. To enter safe mode, press Windows key + R and type MSCONFIG, a window will appear in which you have to click on boot >> safeboot >> restart your PC. Similarly to get out of safe mode, press Windows key + R and type MSCONFIG, and unclick the boot option and restart.
Step 2: Use HitmanPro
It uses a cloud based approach for malware scanning all active files and all the suspicious locations where virus can reside. It offers 30-days free trial and hence can be used for the time being. Again scanning in safe mode is more beneficial.
Step 3: Use Emsisoft Emergency Kit
Use this kit to double check any leftover malicious entry in your PC after scanning with Malwarebytes and HitmanPro.
Step 4: Downlaod Emsisoft decrypter for STOP Djvu
This can help to decrypt your files in case of use of an offline ID.
Protect your work from virus attack
Always Enable your Firewall
It is a security application built by Microsoft and instituted in windows to screen network data transmissions to and from your windows system. Earlier it was known as Internet Connection Firewall, then later in 2004, it was renamed as Windows Firewall with improved core capabilities. It demolishes the malicious softwares such as Trojans Horse attacks and worms entering your PC. It is automatically turned on in modern windows versions and runs silently in the background. Most windows program using internet and demanding internet access automatically add exceptions to windows firewall. If they don’t add such exceptions, a windows security alert is displayed by firewall asking you to allow access or not. And here, your wisdom plays the role. Don’t allow access to any suspicious software into your PC!!
Don’t open spam mails
These are the unsolicited messages sent in bulk by the email. Consistent rise in email spam since early 1990s was accounted for 90% of total email traffic as estimated in 2014. Besides being annoying, these are threatening to system’s security. Users should not open any link provided in the email messages that look like emails as these may contain URLs to malicious websites.
You may install an anti-spam software to get protected form spam emails as this software tags emails as spam and block dangerous malwares and phishing attacks.
Before opening an email, ensure that you know the sender. Sender’s address containing a bunch of numbers and unrecognisable domains is more likely to be a spam message.
Check the subject of email to identify any possible threat. Emails with subject lines offering investment opportunities, new treatment, info about the packages you never ordered, job opportunities, seeking help for an operation are harmful.
Use pop blockers
Back up your important data
Always keep a copy of your important work data in a hard disk, google drives, one drive etc. This will serve as a boon to you in case of any mishappening. One drive is Microsoft’s storage service for hosting files in the cloud and offers you a simple way to store, share or sync your files. It is freely available to all the owners of a Microsoft account.
for more details contact us: email@example.com