This page aims to help users infected by NanoLocker ransomware. Use the guide below to decrypt NanoLocker files and restore the original ones.
This new virus was discovered by Symantec in January 2016. It works as trojan-ransomware and is named by its developers ‘NanoLocker 1.29’ (its file size is 1.29Mb). It enters a system and encodes personal files of all types with a virtually unbreakable key, then demands that a ransom be paid in return for decrypting your files. Currently this virus is most active in North America, Western Canada, Europe and South America. Microsoft estimates that, of its operating systems compromised by it, Windows 8 and 10 are the most affected, accounting for over 60% of NanoLocker infections, whilst Vista and XP systems account for 8% and 6% respectively.
After entering your computer (see below), it communicates with a control server and then goes about encoding files. It is difficult to detect and deal with because it evades weak or out-of-date anti-virus software and establishes defences that can disable scans and prevent browsers from visiting help pages. After encryption, it demands that 0.1 Bitcoin (currently $43 U.S.) be paid for the code key. If this is not met, the price rises rapidly with delay. If you’re unlucky enough to be attacked, delete NanoLocker without hesitation; this malware also includes elements that can relay personal and financial details stored on your system.
How NanoLocker can enter a system
This ransomware infects like various similar viruses, and all of these routes into your computer can be guarded:
- An unsolicited though enticing e-mail is commonly used, usually offering some benefit that requires opening the attached file;
- Freeware downloads can contain the trojan within a bundle of legitimate programs;
- Dubious or compromised sites/blogs can be used with exploit kits (EK) that target browser vulnerabilities and drop a trojan while you browse;
- Fake freeware update ads can either redirect you to these dangerous sites, or deliver the trojan directly if clicked on;
- Old-fashioned manual hacks can be undertaken by exploiting under-secured network connections.
With good working habits and strong security it is possible to prevent NanoLocker from infecting your operating system. Clearing NanoLocker afterward is much more trouble and could leave you with a great amount of data loss.
What I can do if infected by NanoLocker
If you find this malware in your system, the more you use the computer, the further the encryption process goes and the more complex getting rid of NanoLocker becomes. Some security software may not detect it, especially if it is not currently updated. There are some visible signs that can indicate the trojan is in your system: the system (and so the display) freezes for a second or two at seemingly random moments; the system appears to slow dramatically or performs erratically; you see more pop-ups or receive unasked-for plug-ins that download independently. Should such things occur, immediately disconnect wired and wireless internet connections and any network connections. First check your files to make sure they have their usual extensions, and back them up to an external drive or USB flash drive. Introduce a quality anti-virus program that is familiar with this variant to remove it automatically, or follow the instructions below to manually eliminate NanoLocker using Safe Mode with Networking. After this is done, it is advisable to restore browser defaults and disable plug-ins, then to download and run Microsoft’s Malicious Software Removal tool to trace any remaining virus roots.
How to decrypt NanoLocker files
If you have managed to spot its presence before encryption is complete, there is now a way to decrypt files. An independent researcher in Canada has found a flaw that can be exploited: until the files are completely encoded, the key is stored in a configuration file on the infected system. The key is deleted after the encryption has finished. If detection is soon enough and the trojan is stopped, the file with the key can be retrieved and decoding can be started. The encryption process can be disrupted by putting the operating system into sleep mode or by restarting periodically.
Please, follow the steps below to successfully decrypt NanoLocker files:
Step 1: Download the NanoLocker decryption utility from here: https://drive.google.com/a/enigmasoftware.com/file/d/0B_ItlkvJ6ADqa1JrS3EwUlBzUjQ/view
Step 2: Download 32bit Visual C++ 2013 redistributable package from here: https://www.microsoft.com/en-ca/download/details.aspx?id=40784
Step 3: Unpack the .zip archive to C:\NanoLocker_Decryptor folder.
Step 4: Copy all encrypted files to C:\NanoLocker_Decryptor folder
Step 5: Open a Command prompt with Administrative rights
Step 6: Type “cd \NanoLocker_Decryptor”
Step 7: Type “NanoLocker_Decryptor.exe <name_of_encrypted_file> <name_of_decrypted_file> <tracking_file>”
Step 8: Repeat Step 7, until you have all your files decrypted.
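Steps 7 and 8 as a single loop, given here as an added example that is not part of the decryptor or of the original guide. It is PowerShell, which can be started from the elevated prompt opened in Step 5. The tracking-file path is a placeholder to be replaced with the configuration file recovered from the infected system, and the "decrypted" output folder and skip list are assumptions.

```powershell
# Added example: batch form of Step 7, run once per file (Step 8).
# Assumptions: $TrackingFile is a placeholder path; the 'decrypted' subfolder
# and the $Skip list are hypothetical. The tool is invoked exactly as in Step 7.
$WorkDir      = 'C:\NanoLocker_Decryptor'
$Tool         = Join-Path $WorkDir 'NanoLocker_Decryptor.exe'
$TrackingFile = 'C:\PLACEHOLDER\tracking_file'      # replace with the real path
$OutDir       = Join-Path $WorkDir 'decrypted'
# Files in the work folder that are not encrypted data. Add any other files
# that came out of the .zip archive in Step 3.
$Skip = @((Split-Path $Tool -Leaf), (Split-Path $TrackingFile -Leaf))

if (-not (Test-Path -LiteralPath $Tool -PathType Leaf)) {
    throw "Decryptor not found: $Tool"
}
if (-not (Test-Path -LiteralPath $TrackingFile -PathType Leaf)) {
    throw "Tracking file not found: $TrackingFile"
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$results = foreach ($file in Get-ChildItem -LiteralPath $WorkDir -File) {
    if ($Skip -contains $file.Name) { continue }

    # Never overwrite an earlier result; write next to, not over, the input.
    $target = Join-Path $OutDir $file.Name
    if (Test-Path -LiteralPath $target) {
        [pscustomobject]@{ File = $file.Name; Status = 'skipped (output exists)' }
        continue
    }

    # Step 7: <name_of_encrypted_file> <name_of_decrypted_file> <tracking_file>
    & $Tool $file.FullName $target $TrackingFile | Out-Null

    # The tool's exit codes are not described in this guide, so success is
    # judged by whether a non-empty output file was produced.
    $ok = (Test-Path -LiteralPath $target) -and
          ((Get-Item -LiteralPath $target).Length -gt 0)
    $status = if ($ok) { 'decrypted' } else { 'FAILED' }
    [pscustomobject]@{ File = $file.Name; Status = $status }
}

$results | Format-Table -AutoSize
# Keep the encrypted originals until the decrypted copies have been opened
# and checked.
```

A non-empty output file only shows that the tool wrote something; open a few of the decrypted files to confirm they are readable before deleting any encrypted copy.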
If detection has been too late to recover the key, then the standard recovery methods remain: trying the Shadow Volume Copies using Shadow Explorer (available at windows.microsoft.com), or Previous Versions using a program like PhotoRec or the Microsoft Previous Versions tool.
Preventing NanoLocker
- Install advanced anti-virus protection and detection, preferably with a firewall;
- Update your browser regularly. Ensure the settings provide maximum browsing protection;
- Always use Advanced/Custom install options for all software;
- Don’t open dubious files, unsolicited e-mails/pop-up update offers;
- Secure – or disable – RDP (remote desktop protocol);
- Secure any network access only for Authenticated Users;
- Research Software Restriction Policies. They block executable files from running when located in specific paths (for instructions see the Microsoft website);
- Perform back-ups regularly and copy all personal files to external drives/cloud.
NanoLocker and the increasing number of ransomware threats like it are preventable. Install the best defence you can find against malware. This will give you insurance, and along with developing a safe practice of browsing/downloading and installation, your system should then be kept free from these insidious threats. Be prepared, then you won’t have to give NanoLocker or its ilk a nanosecond of your operating time!