Rewterz Threat Alert – Nokoyawa Ransomware – Active IOCs
Severity
High
Analysis Summary
NOKOYAWA is a newly emerging ransomware that encrypts data and demands a ransom for its decryption. It encrypts files and appends a “.NOKOYAWA” extension to their filenames. For example, a file named “1.jpg” becomes “1.jpg.NOKOYAWA,” and the same goes for every other file the ransomware affects. After encryption, a ransom note titled “NOKOYAWA_readme.txt” is created on the desktop. The ransom message appears twice, in both English and Chinese. It notifies victims that their files have been encrypted and can only be recovered with the attackers’ decryption key. Infected email attachments and torrent websites could be the distribution methods for this ransomware.
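The two filename indicators described above can be checked during host triage. The following is an added example, not part of the original alert: it walks a directory tree and reports the ransom note and any files carrying the appended extension, and the `verdict` labels are a hypothetical triage scheme.

```python
import os
import sys

ENC_SUFFIX = ".nokoyawa"           # extension appended to encrypted files (from the alert)
NOTE_NAME = "nokoyawa_readme.txt"  # ransom note filename (from the alert)


def scan_tree(root):
    """Walk `root`; return ransom notes, renamed files and unreadable paths."""
    findings = {"notes": [], "encrypted": [], "errors": []}

    def on_error(err):
        # Record unreadable directories rather than silently skipping them.
        findings["errors"].append(str(err))

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            lower = name.lower()  # Windows filenames are case-insensitive
            full = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                findings["notes"].append(full)
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # Strip the suffix to recover the pre-encryption name.
                findings["encrypted"].append((full, name[:-len(ENC_SUFFIX)]))
    return findings


def verdict(findings):
    """Triage label (hypothetical scheme): both indicators together rank highest."""
    if findings["notes"] and findings["encrypted"]:
        return "likely"
    if findings["notes"] or findings["encrypted"]:
        return "possible"
    return "none"


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    result = scan_tree(root)
    print("verdict:", verdict(result))
    for path in result["notes"]:
        print("ransom note:", path)
    for path, original in result["encrypted"]:
        print("encrypted:", path, "(was", original + ")")
    for err in result["errors"]:
        print("unreadable:", err)
```

Filename matches are a triage signal only; a hit should be confirmed against the other indicators before the host is treated as affected.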