NSB Ransomware

What is NSB Ransomware?

NSB Ransomware is a troublesome file-encrypting threat because it not only ruins the user’s data but also locks his screen. As a consequence, the user cannot access the computer. Our specialists say users can get rid of the locked screen if they restart the computer in Safe Mode and remove the malicious program. Sadly, the files will remain to be enciphered even if the malware is no longer on the system. Therefore, some users might consider paying to hackers since the message they leave behind states that all will go back to normal soon after the victim pays them a particular amount of Bitcoins. What is interesting is the hackers are trying to convince their victims that they have broken specific laws and they ask to pay not a ransom, but a fine. Nevertheless, we do not think many users might fall for such a scam. Those of you who have no intention to put up with any demands could erase NSB Ransomware while looking at the deletion instructions located at the end of this page. However, if you would prefer to get to know the malware better first, you should read the rest of this article.

Where does NSB Ransomware come from?

NSB Ransomware might be spread via various channels, but our specialists at Anti-spyware-101.com say it is most likely the threat travels with malicious software installers, infected email attachments, or fake updates. It is also possible the malware could enter the system through unsecured RDP (Remote Desktop Protocol) connections, which is why besides avoiding doubtful content you could find while surfing the Internet, we highly recommend securing the system by removing its possible weaknesses, e.g., weak passwords, outdated operating system, browser, or other software, and so on. Of course, if you do not have a reliable security tool installed yet, it might be a smart idea to obtain it as it could help you guard the system against various malicious threats too.

How does NSB Ransomware work?

At first, the malicious program should create a couple of copies of its launcher and then a couple of Registry entries that would make the system run NSB Ransomware when the device restarts. This is why restarting the system cannot unlock the screen. Nevertheless, the screen should be locked only after the threat enciphers user’s photographs, documents, and other valuable data. During this process, the targeted files’ components are shuffled. Making the computer no longer able to recognize them and the user - unable to open his data.

Our researchers say the user can see how the files were affected for himself only after unlocking the screen. NSB Ransomware locks it by hiding the taskbar, killing some other processes, and then displaying a window containing a ransom note on top of the screen. More experienced users should realize the message is posted by malware and not by the United States Department of Justice. The notification claims to be displayed by the mentioned government institution and also shows its logos to make the warning look more convincing.

What’s more, to scare the user the message says he could go to prison if he does not pay a fine of around 250 US dollars (paid in Bitcoins). Plus, it promises the screen and the enciphered files will be unlocked soon after making the payment. The problem is there is not knowing whether the hackers who developed the malicious program will bother to help the victims. Thus, if you do not wish to risk being scammed, we would advise deleting the malware.

How to erase NSB Ransomware?

The first part of the instructions located below will show how to reboot the computer in Safe Mode with Networking to unlock it. Then the user can either keep following the provided steps to get rid of NSB Ransomware manually or install a legitimate antimalware tool to remove the threat with automatic features.

Restart your system in Safe Mode with Networking

Windows 8/Windows 10

1. Click the Power button after pressing Windows Key+I.
2. Tap and hold the Shift key then pick Restart.
3. Pick Troubleshoot from the Advanced Options menu.
4. Select Startup Settings, press Restart, then click the F5 key and restart the system.

Windows XP/Windows Vista/Windows 7

1. Navigate to Start and click the Shutdown options.
2. Select Restart, then press and hold the F8 key as soon as the computer begins restarting.
3. Choose from Safe Mode or Safe Mode with Networking in the Advanced Boot Options window.
4. Press Enter and log on.

Display hidden files and folders

Windows 8/10

1. Press Windows key+E.
2. Choose View and select Options.
3. Click Change folder and search options.
4. Select View tab again and mark Show hidden files, folders and drives.
5. Click OK.

Windows 7/Vista

1. Open Control Panel from the Start menu.
2. Go to Appearance and Personalization.
3. Choose Folder Options and tap the View tab.
4. Tap Show hidden files, folders and drives.
5. Press OK.

Windows XP

1. Open Start and launch Control Panel.
2. Navigate to Appearance and Themes.
3. Pick Folder options and go to the View tab.
4. Choose Show hidden files and folders.
5. Click OK.

Eliminate NSB Ransomware

1. Press Windows key+E.
2. Navigate to: %ALLUSERSPROFILE%
3. Find two randomly titled directories (e.g., rWpalqWh) containing randomly named executable files (e.g., wRpUhIoI.exe), right click these locations and press Delete.
4. Access this directory: %USERPROFILE% and locate one more randomly titled folder, then right-click it and select Delete.
5. Close File Explorer.
6. Press Windows key+R.
7. Type Regedit and tap Enter.
8. Search for these two locations:
   HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
9. Look for one value name with a random title in each path, right-click them separately and press Delete.
10. Close Registry Editor.
11. Empty Recycle bin.
12. Restart the computer. Download Removal Tool100% FREE spyware scan and
    tested removal of NSB Ransomware*