Do you know what NSB Ransomware is?
NSB Ransomware is a malicious application that blocks the screen by showing a warning that demands payment of a fine for violating copyright laws. On top of that, the malware also encrypts some of the files located on the infected computer. Unfortunately, such files become useless, because the user needs decryption tools to open them. According to the ransom note, paying the fine would both unlock the screen and decrypt the user’s files, but you should realize there are no guarantees, and the money you spend could be lost in vain. Therefore, if paying for help you may never receive does not sound wise, we advise you not to take any chances and delete NSB Ransomware instead. Eliminating the malicious application will not restore damaged data, but it will unlock the screen. If this is what you want to do, you should follow the removal guide available below; it will show how to get rid of the warning and delete the threat manually.
Naturally, users who wish to know more details about NSB Ransomware should keep reading our report. First of all, we want to discuss its distribution. Our computer security specialists think the malware might be spread through malicious file-sharing web pages, spam emails, etc. This means that, to guard against such threats, users should avoid interacting with questionable content, for example, email attachments from unknown senders, installers from untrustworthy web pages, pirated software, and so on. For additional protection, users should consider installing reputable antimalware software, because it might be impossible to avoid all suspicious content all the time, and such programs can warn the user about potential threats or even prevent them from entering the computer.
What happens if NSB Ransomware enters the system? We believe it should settle in and then begin encrypting various private files, for example, photos, pictures, videos, archives, documents, etc. Our computer security specialists say the malware marks the data it encrypts with the extension used for executable files, so all affected data should have the additional .exe extension at the end of the file name. For instance, a file named kittens.jpg would become kittens.jpg.exe. Next, NSB Ransomware should stop particular processes and eventually lock the screen by displaying a window with a ransom note that cannot be closed. The message should threaten that the user will have to go to prison and additionally pay a massive fine if he does not transfer the requested amount of money to the given Bitcoin wallet. It is said the warning comes from the United States Department of Justice. Needless to say, the mentioned institution would never show such messages or ask to pay a fine with Bitcoins, so it is clearly the work of cybercriminals.
As we explained earlier, paying NSB Ransomware’s creators would be risky, and if you are not prepared to gamble with your savings, you should ignore the ransom note. Instead, we advise concentrating on how to eliminate the malware, as it will help you to unlock the screen and clean the system. To make the task easier, we prepared a removal guide available below. Once you make sure the malicious application is gone, you could replace encrypted files with backup copies you might be keeping on removable media devices or cloud storage.
Reboot in Safe Mode with Networking
Windows 8/Windows 10
- Press Windows Key+I (Win8) or open Start menu (Win10) and click the Power button.
- Tap and hold the Shift key and press Restart.
- Open Troubleshoot and select Advanced Options.
- Pick Startup Settings and click Restart.
- Press the F5 key and reboot the device.
Windows XP/Windows Vista/Windows 7
- Go to Start then select the Shutdown options and click Restart.
- Press and hold the F8 key as soon as the device starts restarting.
- Select Safe Mode with Networking and press Enter.
- Log on to the computer.
Enable Show Hidden Files and Folders
Windows 8 & 10
- Press Windows Key+E.
- Choose the View tab and tap on Options.
- Select change folder and search options.
- Click on the View tab and mark Show hidden files, folders and drives.
- Click OK.
Windows 7 & Vista
- Go to Start and open Control Panel.
- Select Appearance and Personalization.
- Go to Folder Options and click the View tab.
- Select Show hidden files, folders and drives.
- Press OK.
Windows XP
- Navigate to Start and open Control Panel.
- Choose Appearance and Themes.
- Select Folder options and open the View tab.
- Choose Show hidden files and folders.
- Press OK.
Erase NSB Ransomware
- Tap Windows Key+E.
- Locate this path: %ALLUSERSPROFILE%
- Search for a couple of folders with random titles, for example, pCUcwEQc; inside each of them, you should find an .exe file with a random title too.
- Right-click the described folders and choose Delete.
- Find this location: %USERPROFILE%
- Look for another folder belonging to the malware, also with a random title.
- Right-click the suspected folder and select Delete.
- Exit File Explorer.
- Press Windows Key+R.
- Type Regedit and tap OK.
- Go to these paths:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Find two value names with random titles.
- Right-click the suspicious value names and select Delete.
- Leave Registry Editor.
- Empty your Recycle bin.
- Reboot the computer.
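Before deleting anything by hand, it helps to list what is actually present in the locations named in the steps above. The PowerShell script below is an added example, not part of the original guide: it only reads and reports, and the list of data extensions and the "folder that holds an .exe" heuristic are assumptions made for illustration.

```powershell
# Read-only triage for the locations named in the removal steps. Nothing is deleted.

# 1. Values in the two Run keys from the guide (look for names with random titles).
function Get-RunKeyValues {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $item.GetValue($name) }
        }
    }
}

# 2. Folders directly under %ALLUSERSPROFILE% and %USERPROFILE% that hold an .exe file.
function Get-FoldersWithExe {
    foreach ($root in $env:ALLUSERSPROFILE, $env:USERPROFILE) {
        Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $exes = @(Get-ChildItem -LiteralPath $_.FullName -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue)
                if ($exes.Count -gt 0) {
                    [pscustomobject]@{ Folder = $_.FullName; Created = $_.CreationTime; Exe = ($exes.Name -join ', ') }
                }
            }
    }
}

# 3. Files that carry a data extension followed by .exe (kittens.jpg.exe).
#    The extension list is an assumption; extend it to match your own data.
function Get-RenamedDataFiles {
    param([string]$Root = $env:USERPROFILE)
    $dataExt = 'jpg','jpeg','png','gif','mp4','avi','zip','rar','doc','docx','xls','xlsx','pdf'
    $pattern = '\.(' + ($dataExt -join '|') + ')\.exe$'
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -Filter '*.exe' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        Select-Object FullName, Length, LastWriteTime
}

Get-RunKeyValues      | Format-Table -AutoSize -Wrap
Get-FoldersWithExe    | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
Get-RenamedDataFiles  | Format-Table -AutoSize -Wrap
```

Legitimate software also keeps .exe files in these folders and registers Run values, so compare the folder creation times and the Run value data against each other before removing anything.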
In non-techie terms:
NSB Ransomware is a dangerous threat that could block your screen to take away your access to the computer. To get it back, the cybercriminals ask users to pay a ransom. However, at the same time, they made the ransom note look like a warning from the government. Obviously, by threatening that the user will be sentenced to serve in prison, they expect to scare inexperienced users into paying them money. The message is supposed to claim the user violated copyright law, and if he has at least one pirated application, the notification might look somewhat realistic. We would not recommend paying the ransom even if it seems like the only way to take back control over the computer and restore the files the malware encrypted. There is no knowing whether the hackers will do as the warning promises, and if they decide not to bother, the money you transfer would be lost for nothing. Thus, if you do not want to risk experiencing this scenario, we advise erasing the malicious application at once. To unlock the screen and delete the malware’s data manually, you should follow the removal guide available a bit above this paragraph. On the other hand, if the process seems too complicated, you could restart the system in Safe Mode with Networking and then install a reputable antimalware tool that could do the rest of the job for you.
