What is .NamPoHyu files virus? Is .NamPoHyu files virus a variant of the MegaLocker ransomware family? What kind of encryption does the .NamPoHyu files virus use?
.NamPoHyu Files Virus is a cryptovirus that targets Ubuntu Apache servers, NAS storages, along with other servers used for various purposes, be it running a website (domain) or ones used for storing data. Mac and PC operating systems can be affected. The virus encrypts files by using the AES encryption algorithm via CBC (Cipher Block Chaining) and places a ransom note. With the ransom note, the cybercriminals that are behind the virus demand money as a ransom to get the files restored. Files will receive a custom extension, which is .NamPoHyu but other variants are not excluded from appearing. The .NamPoHyu Files Virus is called NamPoHyu Virus and it is actually a variant of the MegaLocker ransomware.
|.NamPoHyu files virus
|The ransomware encrypts files on a computer system and specifically targets servers and network operated systems. The virus demands a ransom to be paid to allegedly recover the system and its data.
|The ransomware will encrypt files, may slow down the machine that is being encrypted, leave a ransom note with payment instructions and place the .NamPoHyu extension to locked files.
|Spam Emails, Email Attachments
See If Your System Has Been Affected by malware
Malware Removal Tool
|Join Our Forum to Discuss .NamPoHyu files virus.
|Data Recovery Tool
|Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.
.NamPoHyu Files Virus – Update May, 2019
There’s some great news for victims of the NamPoHyu ransomware – a decryptor is now available. Emsisoft developers have released a decryptor for the ransomware, and its victims can now use the tool to recover their files for free.
NamPoHyu is a variant of the MegaLocker ransomware, meaning that the decryptor will also work for MegaLocker victims. As explained by the developers of the decryption tool, to use it, you will require one of the ransom notes left by the malware. You can download the NamPoHyu dectyptor and recover your files. Emsisoft has also provided a detailed guide on how to use their tool.
.NamPoHyu Files Virus – What Does It Do?
Users have contacted us and reported new information about the infection method of the .NamPoHyu virus. The report states that the NAS storage device of one user was infected remotely, due to the router accidentally placing the server in a Virtual DMZ, hence making the public IP open. The same user had checked his own WDmycloud IP on his router and also found out that the IP was in a DMZ. Thus, the NAS device was encrypted, but nothing else on the configured network.
The .NamPoHyu Files Virus ransomware might distribute itself via different tactics. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet, and researchers have gotten their hands on a malware sample for the original variant. The website that got hit with the ransomware has not been identified to be hit by malware by most security tools as showcased in the below snapshot:
In addition, to try and get ahead of ransomware threats, you should read the ransomware prevention tips located at the corresponding forum thread.
.NamPoHyu Files Virus is a virus that encrypts files and demands a ransom via a note. The ransomware is also known as the NamPoHyu virus, but it is actually a variant of the [wplinkpreview url=”https://sensorstechforum.com/remove-megalocker-ransomware/”] MegaLocker Ransomware family. The cryptovirus uses the AES encryption algorithm by using Cipher Block Chaining (CBC) with 128-bit ciphers. That encryption is sequential (i.e., it cannot be parallelized), and the message is padded to a multiple of the cipher block size. Every block of data is encrypted by using data from the previously encrypted block, making this a chain, hence naming the encryption method CBC. AES-CBC, operates by XOR’ing (eXclusive OR) each block with the previous block and cannot be written in parallel. This affects performance due to the complex mathematics involved requiring serial encryption. AES-CBC also is vulnerable to padding oracle attacks, which exploit the tendency of block ciphers to add arbitrary values onto the end of the last block in a sequence in order to meet the specified block size. That could explain why the ransomware is set to encrypt systems in strange hours in the night, so users could be less aware of an attack.
.NamPoHyu Files Virus ransomware might make new entries in the Registry to achieve persistence, and could launch or repress processes of the operating system. Such entries are typically designed in a way to start the virus automatically with each boot of the operating system.
The ransom note message itself is located inside a file called !DECRYPT_INSTRUCTION.TXT:
The ransom note file has the following contents:
What happened to your files ?
All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus.
What does this mean ?
This means that the structure and data within your files have been irrevocably changed,
you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
Your unique id: 02DCED685XXXXXXXXX41863
What do I do ?
You can buy decryption for 250$.
But before you pay, you can make sure that we can really decrypt any of your files.
To do this:
1) Download and install Tor Browser ( https://www.torproject.org/download/ )
2) Open the https://qlcd3bgmyv4kvztb.onion/index.php?id=23CAEC83B8FF4ED5A89A8E19B0D7E85C web page in the Tor Browser and follow the instructions.
How much time do I have to pay for decryption?
You have 10 days to pay for the ransom after decrypting the test files.
The number of bitcoins for payment is fixed at the rate at the time of decryption of test files.
Keep in mind that some exchangers delay payment for 1-3 days! Also keep in mind that Bitcoin is a very volatile currency,
its rate can be both stable and change very quickly. Therefore, we recommend that you make payment within a few hours.
How to contact you?
We do not support any contact.
What are the guarantees that I can decrypt my files after paying the ransom?
Your main guarantee is the ability to decrypt test files.
This means that we can decrypt all your files after paying the ransom.
We have no reason to deceive you after receiving the ransom, since we are not barbarians and moreover it will harm our business.
How do I pay the ransom?
After decrypting the test files, you will see the amount of payment in bitcoins and a bitcoin wallet for payment.
Depending on your location, you can pay the ransom in different ways.
Use Google to find information on how to buy bitcoins in your country or use the help of more experienced friends.
Here are some links: https://buy.blockexplorer.com – payment by bank card
How can I decrypt my files?
After confirmation of payment (it usually takes 8 hours, maximum 24 hours)
you will see on this page ( https://qlcd3bgmyv4kvztb.onion/index.php?id=02DCED685XXXXXXXXX3C0DFD0E241863 ) a link to download the decryptor and your aes-key
(for this, simply re-enter (refresh) this page a day after payment)
Download the program and run it.
Attention! Disable all anti-virus programs, they can block the work of the decoder!
Copy aes-key to the appropriate field and select the folder to decrypt.
The program will scan and decrypt all encrypted files in the selected folder and its subfolders.
We recommend that you first create a test folder and copy several encrypted files into it to verify the decryption.
Accessing the TOR link provided in the message opens up a FAQ page with some of the text included in the ransom note as seen from the below screenshot:
The ransom note of .NamPoHyu Files Virus indicates that your files are encrypted. You are demanded to pay a ransom sum to allegedly restore your files. However, you should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that. Adding to that, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal activities. That may even result to you getting your files encrypted all over again after payment.
If a server or a computer system was infected with this ransomware and your files are locked, read on below on how you can remove the cryptovirus and what you try to potentially restore some of your files.
*Note: Some of the information used in this article has been provided by users, who became victims of the NamPoHyu virus.
Remove .NamPoHyu Files Virus
If your computer system got infected with the .NamPoHyu Files Virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.
.NamPoHyu files virus-FAQ
What is .NamPoHyu files virus Ransomware?
.NamPoHyu files virus is a ransomware infection - the malicious software that enters your computer silently and blocks either access to the computer itself or encrypt your files.
Many ransomware viruses use sophisticated encryption algorithms to make your files inaccessible. The goal of ransomware infections is to demand that you pay a ransom payment to get access to your files back.
What Does .NamPoHyu files virus Ransomware Do?
Ransomware in general is a malicious software that is designed to block access to your computer or files until a ransom is paid.
Ransomware viruses can also damage your system, corrupt data and delete files, resulting in the permanent loss of important files.
How Does .NamPoHyu files virus Infect?
Via several ways..NamPoHyu files virus Ransomware infects computers by being sent via phishing emails, containing virus attachment. This attachment is usually masked as an important document, like an invoice, bank document or even a plane ticket and it looks very convincing to users.
Another way you may become a victim of .NamPoHyu files virus is if you download a fake installer, crack or patch from a low reputation website or if you click on a virus link. Many users report getting a ransomware infection by downloading torrents.
How to Open ..NamPoHyu files virus files?
You can't without a decryptor. At this point, the ..NamPoHyu files virus files are encrypted. You can only open them once they are decrypted using a specific decryption key for the particular algorithm.
What to Do If a Decryptor Does Not Work?
Do not panic, and backup the files. If a decryptor did not decrypt your ..NamPoHyu files virus files successfully, then do not despair, because this virus is still new.
Can I Restore "..NamPoHyu files virus" Files?
Yes, sometimes files can be restored. We have suggested several file recovery methods that could work if you want to restore ..NamPoHyu files virus files.
These methods are in no way 100% guaranteed that you will be able to get your files back. But if you have a backup, your chances of success are much greater.
How To Get Rid of .NamPoHyu files virus Virus?
The safest way and the most efficient one for the removal of this ransomware infection is the use a professional anti-malware program.
It will scan for and locate .NamPoHyu files virus ransomware and then remove it without causing any additional harm to your important ..NamPoHyu files virus files.
Can I Report Ransomware to Authorities?
In case your computer got infected with a ransomware infection, you can report it to the local Police departments. It can help authorities worldwide track and determine the perpetrators behind the virus that has infected your computer.
Below, we have prepared a list with government websites, where you can file a report in case you are a victim of a cybercrime:
Cyber-security authorities, responsible for handling ransomware attack reports in different regions all over the world:
Germany - Offizielles Portal der deutschen Polizei
United States - IC3 Internet Crime Complaint Centre
United Kingdom - Action Fraud Police
France - Ministère de l'Intérieur
Italy - Polizia Di Stato
Spain - Policía Nacional
Netherlands - Politie
Poland - Policja
Portugal - Polícia Judiciária
Greece - Cyber Crime Unit (Hellenic Police)
India - Mumbai Police - CyberCrime Investigation Cell
Australia - Australian High Tech Crime Center
Reports may be responded to in different timeframes, depending on your local authorities.
Can You Stop Ransomware from Encrypting Your Files?
Yes, you can prevent ransomware. The best way to do this is to ensure your computer system is updated with the latest security patches, use a reputable anti-malware program and firewall, backup your important files frequently, and avoid clicking on malicious links or downloading unknown files.
Can .NamPoHyu files virus Ransomware Steal Your Data?
Yes, in most cases ransomware will steal your information. It is a form of malware that steals data from a user's computer, encrypts it, and then demands a ransom in order to decrypt it.
Can Ransomware Infect WiFi?
Yes, ransomware can infect WiFi networks, as malicious actors can use it to gain control of the network, steal confidential data, and lock out users. If a ransomware attack is successful, it could lead to a loss of service and/or data, and in some cases, financial losses.
Should I Pay Ransomware?
No, you should not pay ransomware extortionists. Paying them only encourages criminals and does not guarantee that the files or data will be restored. The better approach is to have a secure backup of important data and be vigilant about security in the first place.
What Happens If I Don't Pay Ransom?
If you don't pay the ransom, the hackers may still have access to your computer, data, or files and may continue to threaten to expose or delete them, or even use them to commit cybercrimes. In some cases, they may even continue to demand additional ransom payments.
Can a Ransomware Attack Be Detected?
Yes, ransomware can be detected. Anti-malware software and other advanced security tools can detect ransomware and alert the user when it is present on a machine.
It is important to stay up-to-date on the latest security measures and to keep security software updated to ensure ransomware can be detected and prevented.
Do Ransomware Criminals Get Caught?
Yes, ransomware criminals do get caught. Law enforcement agencies, such as the FBI, Interpol and others have been successful in tracking down and prosecuting ransomware criminals in the US and other countries. As ransomware threats continue to increase, so does the enforcement activity.
About the .NamPoHyu files virus Research
The content we publish on SensorsTechForum.com, this .NamPoHyu files virus how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific malware and restore your encrypted files.
How did we conduct the research on this ransomware?
Our research is based on an independent investigation. We are in contact with independent security researchers, and as such, we receive daily updates on the latest malware and ransomware definitions.
To better understand the ransomware threat, please refer to the following articles which provide knowledgeable details.
As a site that has been dedicated to providing free removal instructions for ransomware and malware since 2014, SensorsTechForum’s recommendation is to only pay attention to trustworthy sources.
How to recognize trustworthy sources:
- Always check "About Us" web page.
- Profile of the content creator.
- Make sure that real people are behind the site and not fake names and profiles.
- Verify Facebook, LinkedIn and Twitter personal profiles.