.NBES File Extension
Nbes Ransomware Encrypted File
3.0 | 1 Vote
What is an NBES file?
A file with an .nbes extension is a file that has been encrypted by the Nbes virus, which is a variant of STOP (Djvu) ransomware that became prevalent in early 2020. It is encrypted so it is not possible to open the file by simply changing the .nbes file extension.
Nbes ransomware is a type of malware utilized by cybercriminals that encrypts the files on a computer with AES-256 encryption. After the ransomware takes the files hostage, it forces the victim to pay the perpetrator to unlock the files. It is most often introduced to a victim's computer through spam emails with malicious links or file attachments that are downloaded and run by unsuspecting users. The virus may also be introduced when a user downloads malicious files from torrent websites or clicks on fake social media posts.
When the ransomware runs on a user's computer, it encrypts files on the computer and adds the .nbes extension onto the names of the files. The types of files typically targeted include spreadsheets, documents, images, videos, and backup files, such as .XLSX, .PDF, .PNG, .MP4, and .DB files. For example, an image.jpg file becomes image.jpg.nbes.
The virus then generates a _readme.txt file in each folder that stores an encrypted file on the user's computer. The _readme.txt file contains instructions explaining the hostile takeover of the user's files and how the user can recover his files by paying a ransom payment.
How to open an NBES file
Currently, there is no program available to effectively restore NBES files to their original state. If you have a recent backup of your files, you can perform a system restore to remove the virus, but any changes made to files after the backup was made will be lost.
FileInfo.com recommends you never pay a ransom to decrypt files encrypted by ransomware. Paying a ransom encourages ransomware distributors to continue their efforts, and there is no guarantee that paying a ransom will give you access to your files. Instead, you should restore your data from a recent backup created before the ransomware infected your computer.