New Virus – N1N1N1 Ransomware Infection

The new ransomware virus dubbed N1N1N1 by security researchers. The virus targets specific files and encrypts them, making them unusable without a key. N1N1N1 demands 1.5 BTC for the ransom, around 900 US dollars, though victim can bargain with the crooks for a different price.

Known AsN1N1N1 ransomware
ActivityInfect PC, encrypts their files and asks for payment in return for their decryption.
SpreadEmail spam, malicious attachments

N1N1N1 – Ransomware Virus Report

The N1N1N1 ransomware virus spreads through email spam and malicious attachments. That is to say, the cybercriminals behind the virus are sending emails that are infected with N1N1N1 to unsuspecting users. The emails are likely created to look like they were sent from a legitimate institution like:

  • Service Providers
  • Financial Institutions
  • Software companies like Microsoft

Users should watch out if they receive emails untypical of the sender. Legitimate institutions rarely sent their data with ZIP files, for example. Once users open the ZIP file, their computer can get infected.

N1N1N1 Ransomware Virus – How Does It Work? How Dangerous Is It?

Once the N1N1N1 virus gets into the computer, it’ll create a few files in the Window’s system folders. The folders include:

  • C:\ Users\ [ Windows username]\ Appdata\ Roaming
  • C:\ Users\[ Windows username]\ Appdata
  • C:\ Windows\ Temp
  • C:\ Windows
  • C:\ User\[Windows username]\ AppData\ Local

The files are usually .exe, .tmp, .dll, but other types.

N1N1N1 is most likely to encrypt files of the following types:

  • Audio
  • Video
  • Document
  • Project files of popular programs like Adobe Premiere, Photoshop, and others

These files are most likely to be valuable to the users, and that’s exactly why the crooks target them.

The virus is also going to change the infected Pc’s desktop and display a ransom note that states:

If you don’t speak english then use public online translators https://translate.google.com or https://www.bing.com/Translator or https://www.translate.com .
Your files encrypted.
To decrypt and return control to all your encrypted files you need :
1) Go to https://www.torproject.org/download/download-easy.html.en . Download Tor browser for windows.
If you can’t open this page then go to https://www.torproject.org and click on button Download.
It will redirect you to page where you can find “Tor Browser for Windows”. Download it.
If you still can’t download or run tor browser then download, unpack and run the most stable tor browser version here:
https://docs.google.com/uc?id=0B7IelRsUOVDAMjF3M3VySjFFbFE&export=download
2) Install it and run it.
3) Type in the address bar www.hs5br44fuvaazn72.onion/start.php and open our secret website.
4) Secret website will ask you to input your public key.
5) Enter your public key and follow the instructions.
Your public key:
If you have any problems while downloading or installing tor browser or opening secret tor site then
if you have antivirus then remove or disable it (antivirus can prohibit open tor browser) or try use other computer.
Don’t forget that you can browse www.youtube.com and search videos with tor browser installation process.
If you still can’t open this secret page then
1) Go to https://mail.google.com (use your usual browser: (firefox, google chrome, …)
2) If you don’t have a @gmail account then sign up. You will get google (gmail) account.
3) Compose letter and send it to [email protected]
In letter you need type us your public key (see public key above).
4) Soon (in 1 or 2 days), we will send you instructions what you need to do to decrypt your files.
Small remark:
You can compose and send letter using other mail provider (…@aol.com …@yahoo.com or other)
but we DON’T RECOMMEND you to do it because we are not sure that we will receive your letter!

The crooks have given emails for contact, which means that their victim can communicate with them and try to bargain a better “deal” or to negotiate the encryption of a few files. The ransomware scammers aren’t obligated to lower the price, or even to decrypt the files once the ransom is paid.

N1N1N1 Ransomware Virus – Conclusion

The N1N1N1 is another virus in a long line of ransomware infections. Ransomware viruses are a very serious problem worldwide, especially for hospitals. If you’re unlucky enough to get a ransomware infection by N1N1N1 or a similar virus, try to restore your files without paying the crooks. There are a few alternatives, like getting an anti-malware tool or downloading decryption software.

Was this content helpful?

Alex Dimchev

Author : Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *