Decrypt .Nutella Encrypted Files by GlobeImposter Ransomware

Decrypt .Nutella Encrypted Files by GlobeImposter Ransomware

This article has been created in order to help you by explaining what is the .Nutella files variant of GlobeImposter family of ransomware viruses plus how to remove it from your computer and decrypt the encrypted files for free.

A new version of the many Globeimposter ransomare variants has been detected out in the wild. The infection aims to encrypt the files on the computers, which have become it’s victims. The virus, then appends the .Nutella file extension to the encrypted files and then drops a ransom note which demands a payment from victims usually in BitCoin in order to get the cyber-criminals to restore the encrypted files. Fortunately, there is a decrypter for most of the Globeimposter ransomware’s variants, this is why if your computer has been infected by this virus, reccomendations are to read this article and learn how to remove this ransomware and decrypt your encrypted files without having to pay a ransom fee.

Threat Summary

Name.Nutella Files Virus
TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on the computers it has infected, after which sets a ransom note as a wallpaper and demands a payoff to be made for the decryption of the encrypted data.
SymptomsThe virus changes the file extension of the encrypted files to .Nutella.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .Nutella Files Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .Nutella Files Virus.

More About the .Nutella Virus

Similar to other Globeimposter ransomware variants, this iteration of the virus is spread mainly via spammed e-mails. Such may carry either malicious e-mail attachments, pretending to be legitimate onces, like invoices, receipts for orders or banking statements or fake web links. Usually, big companies are often used to increase the trust in victims and the e-mails pose as if they are coming from PayPal, eBay, DHL, Amazon, eBAy as well as other big companies, like banks or government branches.

Once the victim becomes infected with the .Nutella version of Globeimposter ransomware, the malware triggers it’s malicious payload file, reported to be the following:

After infecting your computer, the .Nutella variant of GlobeImposter may interfere with the following Windows registry sub-keys by adding registry values in them which make it so that the virus files of the ransomware run automatically when your system boots:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

In addition to thsi, the .Nutella files virus may also delete the backups on the infected computer, obtain information about the shadow volume copies and delete them if they are active and disable system recovery.

.Nutella Files Virus – Encryption

Before encrypting the files on your computer, the .Nutella variant of Globeimposter may initiate a scan for them based on their file extensions. The .Nutella files virus begins by scanning for the following types of files to encrypt:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”Source:fileinfo.com

After GlobeImposter’s .Nutella variant has detected the files, the virus begins to encrypt them by replacing data from the original file with data from the encryption algorithm. In addition to this, the ransomware virus also adds the .Nutella file suffix to the encrypted files, making them to begin appearing like the following:

New Text Document.txt.Nutella

GlobeImposter .Nutella Ransomware – Removal + Decryption

Before beginning to decrypt the files enciphered by this virus, we advise you to remove the virus from your computer, preferably by following the instructions below.

Note! Your computer system may be affected by .Nutella Files Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .Nutella Files Virus.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove .Nutella Files Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .Nutella Files Virus files and objects
2. Find files created by .Nutella Files Virus on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .Nutella Files Virus

Vencislav Krustev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...