Update September 2019! The article presents detailed information about Nuksus virus as well as a step-by-step guide on how to remove malicious files from the infected system and how to potentially recover encrypted files.
Nuksus virus is a vicious crypto infection that is based on the code of the infamous STOP ransomware. When started on your computer Nuksus disrupts system security and encodes personal files. Encrypted files could be recognized by the extension .nuksus appended by the ransomware. At the end of the attack, Nuksus virus creates a ransom message that urges you pay a ransom for .nuksus files decryption. This message could be found in the _readnme.txt file which is placed on the desktop.
|Short Description||A version of the STOP/DJVU ransomware that is designed to encrypt valuable files stored on infected computers and then extort a ransom from victims.|
|Symptoms||Important files are encrypted and renamed with the extension .nuksus|
A ransom message forces victims to contact hackers in order to receive instructions on how to pay a ransom ($490 – $980).
|Distribution Method||Spam Emails; Email Attachments; Corrupted Websites; Software Installers|
|Detection Tool|| See If Your System Has Been Affected by Nuksus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Nuksus.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
.nuksus Files Virus – Update September 2019
The good news for all victims of STOP .nuksus ransomware is that the security researcher Michael Gillespie cracked the code of this variant and released an updated version of his STOP ransomware decrypter.
So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free .nuksus decryption tool and learn how to proceed with the decryption process.
Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of .nuksus ransomware infections.
Nuksus Virus (STOP Ransomware) – More About the Infection
Security researchers reported that the Nuksus virus is based on the code of one of the most popular ransomware families dubbedSTOP. The spread of Nuksus ransomware is happening with the help of spam emails, email attachments, hacked web pages, and corrupted freeware installers.
Since malspam (emails that deliver malicious code) enables hackers to spread their ransomware on a large scale, they often bet on it. For its realization, hackers usually embed the malicious code in files of well-known types and then attach these files to email messages. The emails usually state that the attached files as:
- Invoices coming from reputable sites, like PayPal, eBay, etc.
- Documents from that appear to be sent from your bank.
- An online order confirmation note.
- Receipt for a purchase.
Once activated on your system Nuksus virus creates a bunch of malicious files and places them in folders like %AppData% and %LocalAppData%. With the help of newly created malicious files the ransomware corrupts essential system settings and becomes able to encrypt target files.
For the encryption of target files Nuksus virus launches a built-in cipher module that is designed to scan selected folders for predefined types of files. Every time the module detects a target file, it utilizes a sophisticated cipher algorithm to transform its code. Unfortunately, the threat is likely to corrupt all files which store valuable information. Hence, encrypted may be:
- Audio files
- Video files
- Document files
- Image files
- Backup files
- Banking credentials, etc
Following encryption files cannot be opened. In addition, they have the extension .nuksus at the end of their names. In fact, the main goal of this ransomware is to blackmail you into paying a ransom to hackers. That’s why Nuksus drops a ransom message with instructions on how to complete the ransom payment process.
Here is a copy of Nuksus virus’ ransom message – _readnme.txt:
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Our Telegram account:
Your personal ID:
You should NOT under any circumstances pay any ransom sum to cybercriminals. This action does not guarantee the recovery of your .nuksus files.
How to Remove Nuksus Virus
The so-called Nuksus virus is a threat with a highly complex code that disrupts system security in order to encrypt personal files. Hence the infected system could be used in a secure manner again only after the complete removal of all malicious files and objects created by Nuksus ransomware. That’s why it is recommendable that all steps presented in the Nuksus virus removal guide below should be completed. Beware that the manual ransomware removal is suitable for more experienced computer users. If you don’t feel comfortable with the manual steps navigate to the automatic part of the guide.
How to Recover .nuksus Files
There are several alternative methods that may be efficient for the recovery of .nuksus files. You could find them listed under Step 5 from our Nuksus ransomware removal guide. Beware that you should make copies of all encrypted files and save them on a flash drive for example. This additional step will prevent the permanent loss of encrypted .nuksus files.