Napoli Ransomware Holds Files Hostage

Our analysts came across the Napoli malware during the examination of new file submissions. This malicious software is derived from the Chaos ransomware.

During our testing, Napoli ransomware encrypted files and added a ".napoli" extension to their names. For instance, a file originally named "1.jpg" would become "1.jpg.napoli", and "2.png" would change to "2.png.napoli", and so forth.

After completing the encryption process, Napoli dropped a ransom note titled "read_it.txt" and modified the desktop wallpaper. The message tells victims that their data has been encrypted and emphasizes that decryption is only possible with software held by the attackers. The ransom amount for obtaining the decryption tools is stated as 120 EUR in Bitcoin cryptocurrency.

Napoli Ransom Note Demands 0.002 BTC

The complete text of the Napoli ransom note goes as follows:

All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is 120€. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com

Payment informationAmount: 0.0020 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV

What Can You Do in the Case of a Ransomware Infection?

In the event of a ransomware infection, there are several steps you can take to mitigate the damage and potentially recover your files:

Isolate Infected Systems: Immediately disconnect the infected device from the network to prevent the ransomware from spreading to other devices or servers.

Assess the Situation: Determine the extent of the infection and identify which files or systems have been compromised.

Do Not Pay the Ransom: While it may be tempting to pay the ransom to regain access to your files, there is no guarantee that the attackers will provide the decryption key, and paying ransom only funds criminal activities.

Backup Verification: Check the integrity of your backup systems to ensure they are not compromised. If your backups are unaffected, you can restore your files from these backups once the infected system has been cleaned.

Report the Incident: Report the ransomware attack to law enforcement agencies and relevant cybersecurity authorities. This can help track the perpetrators and prevent future attacks.

Seek Professional Help: Contact cybersecurity experts or IT professionals who specialize in dealing with ransomware infections. They can provide guidance on how to remove the ransomware, recover encrypted files, and strengthen your cybersecurity measures to prevent future attacks.