The article presents detailed information about Nelasod virus as well as a step-by-step guide on how to remove malicious files from the infected system and how to potentially recover encrypted files.
Nelasod virus is a vicious cryptovirus that is based on the code of STOP ransomware. Once activated on a computer Nelasod disrupts system security in order to locate and encode personal files. Since the threat is designed to utilize a strong cipher algorithm for the corruption of target files, it prevents you from accessing the data they store. Encrypted files could be recognized by the extension .nelasod as the ransomware appends it to their names. At the end of the attack, Nelasod virus displays a message that instructs you how to make a ransom payment for a decryption tool. This message could be found on the desktop in the _readnme.txt file.
|Short Description||A version of the STOP/DJVU ransomware that is designed to encrypt valuable files stored on infected computers and then extort a ransom from victims.|
|Symptoms||Important files are encrypted and renamed with the extension .nelasod|
A ransom message forces victims to contact hackers in order to receive instructions on how to pay a ransom ($490 – $980).
|Distribution Method||Spam Emails; Email Attachments; Corrupted Websites; Software Installers|
|Detection Tool|| See If Your System Has Been Affected by Nelasod |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Nelasod.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
Nelasod Virus – Update August 2019
The good news for all victims of STOP Nelasod ransomware is that the security researcher Michael Gillespie found weaknesses in the code of this variant and released an updated version of his STOP ransomware decrypter.
So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free Nelasod decryption tool and learn how to proceed with the decryption process.
Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of Nelasod virus ransomware infections.
Nelasod Virus (STOP Ransomware) – More About the Infection
Security researchers reported that the Nelasod virus is based on the code of one of the most popular ransomware families dubbedSTOP. Nelasod ransomware is spread via several channels including spam emails, email attachments, hacked web pages, and corrupted freeware installers.
Since malspam enables hackers to spread their malicious code via massive email campaigns, they often prefer it. For its realization, they usually embed their malware in files of common types which files they then attach to email messages. These files may be presented as:
- Invoices coming from reputable sites, like PayPal, eBay, etc.
- Documents from that appear to be sent from your bank.
- An online order confirmation note.
- Receipt for a purchase.
Once activated on your system Nelasod virus creates ransom named malicious files in folders like %AppData% and %LocalAppData%. By executing these files, the ransomware performs a series of malicious operations that corrupt essential system settings and enable it to encrypt target files.
Nelasod virus launches a built-in cipher module for the data encryption stage. This module is designed to scan all computer drives for predefined types of files so it can then transform their code with a sophisticated cipher algorithm. Unfortunately, it is likely that all files which store valuable information will be encrypted. Among encrypted files may be your:
- Audio files
- Video files
- Document files
- Image files
- Backup files
- Banking credentials, etc
Following encryption, you cannot open encrypted files. In addition, you see the extension .nelasod appended to their names. In fact, the main goal of this ransomware is to blackmail you into paying a ransom to hackers.
Here is a copy of Nelasod virus’ ransom message _readnme.txt:
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Our Telegram account:
Your personal ID:
According to the details presented in the ransom message, when you pay the ransom you will receive a decryption tool for encrypted files. You should NOT under any circumstances pay any ransom sum to cybercriminals. This action does not guarantee the recovery of your .nelasod files.
How to Remove Nelasod Virus
The so-called Nelasod virus is a threat with a highly complex code that disrupts system security in order to encrypt personal files. Hence the infected system could be used in a secure manner again only after the complete removal of all malicious files and objects created by Nelasod ransomware. That’s why it is recommendable that all steps presented in the Nelasod virus removal guide below should be completed. Beware that the manual ransomware removal is suitable for more experienced computer users. If you don’t feel comfortable with the manual steps navigate to the automatic part of the guide.
How to Recover .nelasod Files
There are several alternative methods that may be efficient for the recovery of .nelasod files. You could find them listed under Step 5 from our Nelasod ransomware removal guide. Beware that you should make copies of all encrypted files and save them on a flash drive for example. This additional step will prevent the permanent loss of encrypted .nelasod files.