The Nomad Ransomware is another variant of the prolific Dharma ransomware family. The Dharma Ransomware itself was notorious for targeting only the directories inside the user’s directory on Windows, with encrypted files receiving the suffix ‘.dharma’ at the end of each file name. Dharma Ransomware variants, including Nomad Ransomware, will leave victims a ransom note.
When Nomad Ransomware encrypts a file, like Dharma Ransomware, it will modify the file’s original name with the ‘.nomad’ extension. Two different ransom notes will be dropped on the compromised device. Those ransom notes will notify the affected users about the infection. One of the ransom notes can be found inside the ‘info.txt’ text file, and the other will appear in a pop-up window.
The Nomad Ransomware Ransom Note
The two notes left by Nomad Ransomware closely resemble the typical Dharma Ransomware note. The text file states that users must establish contact with the attackers and provides two email addresses – ‘nomad.crypt@onionmail.org’ and ‘nomad.crypt@msgsafe.io.’ Although the instructions in the pop-up window are a bit more drawn out, the note itself lacks any additional meaningful details. It also reiterates the same email addresses and warns victims not to rename any of the encrypted files.
Nomad Ransomware Removal
You should scan for and remove any elements associated with the nasty Nomad Ransomware by employing a reputable malware remediation program.
