Null Ransomware

What is Null Ransomware?

If your PC has been infected with Null Ransomware, then you ought to remove it as soon as you can because it will encrypt your files immediately. The cyber criminals behind this ransomware want you to pay a measly 10 USD for a decryption key, but the problem is that you might not get the key even after you have paid. This ransomware targets personal files in particular. Our researchers say that this specific ransomware is dedicated to encrypting pictures and documents. It uses the Advanced Encryption Standard (AES) to encrypt your files. The encryption is very strong, and there is no free decryption tool available yet. For more information on this particular ransomware, please continue reading.

What does Null Ransomware do?

Null Ransomware is a typical ransomware-type computer infection that uses the Advanced Encryption Standard (AES) to encrypt your files. This ransomware, in particular, uses the AES-256 algorithm which is sufficient to keep your files encrypted. Our cyber security experts have concluded that this ransomware targets pictures and documents specifically to encrypt as many of your personal files as possible. It appends the encrypted files with a “.null” file extension letting you know that those particular files have been encrypted.

Once the encryption is complete, this ransomware will launch its user interface window that will greet you with a message that reads “"Your files are encrypted with AES-256! It's impossible to recover your files without our decryption service and this programm. It's recommended that you turn off your antivirussoftware now because it may removes this programm." Evidently, this ransomware was created by non-native English speakers. Hence the poor grammar. The criminals want you to pay 0.00234275 Bitcoins, which is 10 USD. 10 dollars might not look like much, but your files may not be worth the money and, furthermore, there is no guarantee that your files will be decrypted once you pay the ransom.

Where does Null Ransomware come from?

This  malicious application is disseminated with the help of email spam. It seems that its developers have set up an email server dedicated to send this ransomware to random email addresses. Researchers say that the emails can be made to look like invoices or some other type of email that is, allegedly, sent from a legitimate well-known company. This ransomware’s dropper file is attached to the email. The attached file can be disguised as a PDF document that, once opened, will drop Null Ransomware into %APPDATA% and run it automatically. As a result, this ransomware will start encrypting your files immediately. You can try to prevent the encryption provided that you know that your PC has been infected with Null Ransomware by opening the Task Manager, clicking the Processes tab and identifying the process named "strix" (the name can be random,) right-clicking it and clicking End Process.

How do I remove Null Ransomware?

It is evident that Null Ransomware is a highly malicious program. It uses a strong encryption algorithm to make your files inaccessible. Its developers demand a modest ransom payment, but sending the money can be in vain because the cyber crooks might not keep their word and decrypt your files. Therefore, we recommend that you remove this ransomware using either an antimalware program such as SpyHunter or the instructions provided below this article.

Removal Guide

1. Simultaneously press Ctrl+Shift+Esc keys.
2. Click the Processes tab.
3. Find a process called “strix” (name can be random)
4. Right-click it and click End process.
5. Close the Task Manager.
6. Simultaneously press Windows+E keys.
7. Type %APPDATA% in the address box.
8. Press Enter.
9. Locate the malicious EXE file.
10. Right-click it and click Delete.
11. Right-click the Recycle Bin and click Empty the Recycle Bin. Download Removal Tool100% FREE spyware scan and
    tested removal of Null Ransomware*