Polish boarding schools suffer from a new encryption virus attack

Lithuanian users are invited to check their computers if there are no files with the extension ".nozelesn". July 1 In Poland by e-mail The DHL false invoices are sent by mail to the encryption virus "Nozelesn".

By opening a fake DHL bill, a "Nozelesn" virus is activated, which encrypts all documents, photos and video files on the computer. All encrypted files are identified by the extension ".nozelesn" added by the virus. At the end of the job, the encryption virus creates a file named "HOW_FIX_NOZELESN_FILES.htm" on the desktop of the computer, which provides a detailed guide on how to recover encrypted files.

The instruction states that the user must first connect to the Tor network, called "Dark Internet", create a payment server, contain a unique code, and pay 0.1 bitkino kryptovaliuta for the decryption key (currently around EUR 560).

Although the criminals say that they will send a decryption key within ten days after making a ransom, there is no guarantee that users will receive a decryption key. According to security experts, consumer ransoms support the activities of criminals who invest part of the funds in the development of even more advanced malware.

"There is no accurate data on the number of users who have become victims and how much they have already paid for ransom, but on the basis of the ESET Threat Tool Intelligence, we can see that in Poland, during the first week of July, the spread of viruses increased by 30% .This increase is very low in Lithuania, "says Ramūnas Liubertas, computer engineer at ESET Lietuva.

To guard against virus encryption, it is necessary to have advanced antivirus protection, to update the operating system and programs used, not to open suspicious emails and back up the files manually.

Users who encounter files with cryptic viruses are advised not to redeem and look for decryption tools – these may sometimes be necessary. According to ESET, security experts are constantly looking for errors in the execution or execution of command line viruses in order to be able to provide decryption tools to users as quickly as possible.