Nuis ransomware is malware that encrypts files, a variant of the Djvu/STOP ransomware family. When it encrypts files, it adds .nuis to them, which will make it easy for you to recognize which files have been affected. Unfortunately, unless you run a decryptor first, encrypted files will remain unopenable. And obtaining the decryptor won’t be easy given that only cybercriminals have it. The decryptor can be bought for $980, but purchasing it has some risks.


Nuis ransomware note


As soon as the malware is initiated, it will immediately begin encrypting files. Personal files including photos, videos, and documents are the main targets. Because they will have a .nuis extension, it will be clear which files have been encrypted. Unless you run a decryptor on them first, files with this extension will not be openable. It won’t be easy to obtain the decryptor, which currently only the ransomware operators have. The _readme.txt ransom note that is dropped in all folders with encrypted data contains instructions on how to buy it.

Nuis ransomware files

The ransom note explains that a Nuis ransomware decryptor costs $980. The note also assures that victims who contact the malicious actors within the first 72 hours will receive a 50% discount. You should be skeptical of these claims. You are dealing with cyber criminals after all. In fact, it is not recommended to interact with cybercriminals in any way or pay the demanded ransom. Even if you pay the ransom, there is no guarantee that you will receive a decryptor. Malware developers are unlikely to feel any obligation to help victims even if they pay the ransom. And keep in mind that the payments from victims will be used to fund other criminal activity.

Unfortunately, there is currently no free Nuis ransomware decryptor available, so victims without backups won’t be able to restore their files. The Djvu/STOP family’s ransomware variants encrypt files using online keys, which means they are unique to each user. A free Nuis ransomware decryptor is not likely to be released unless users’ encryption keys are made public. It’s possible, though, that these keys will someday be released if cyber criminals decide to stop their malicious operations.

However, because there are so many fake ransomware decryptors, you should proceed with extreme caution. Do not trust random forums to provide you with a free Nuis ransomware decryptor if you cannot find it on a safe site like NoMoreRansom. If you’re not careful, you could end up with another malicious infection.

As soon as you remove Nuis ransomware from your computer, you can begin restoring files if you have a backup of your data. Unless you are well informed about how to do so, you shouldn’t attempt to manually delete Nuis ransomware to avoid causing additional damage. Using an anti-virus tool is safer because it handles everything for you.

Ransomware distribution methods

Users who engage in risky online activities are far more likely to encounter malware than those who have good online habits. For example, you will eventually come across malware if you open unsolicited email attachments, click on dubious links, use torrents to download copyrighted content (aka pirate), etc. It’s highly recommended to change your browsing habits because that can help avoid a lot of malware infections in the future.

Cybercriminals frequently distribute malware using email attachments. For their malicious email campaigns, they buy tens of thousands of email addresses from hacker forums, and they attach infected files to emails. The malware is initiated when users open those infected attachments. These emails are typically very low-effort, making them pretty easy to identify. Grammar and spelling mistakes in emails supposedly sent by reliable businesses are the most obvious warning sign. Since malicious senders typically pose as representatives of legitimate companies, the mistakes are fairly obvious. Since mistakes give emails a less-than-professional feel, legitimate emails rarely have them.

Emails addressing you with words like “User”, “Member”, and “Customer” instead of using your name could also be malicious. Emails sent from companies whose services you use will address you by name. It’s a common tactic used by companies to make an email seem more personal. But malicious actors usually do not have access to personal information (apart from the email address) so they use generic words.

But if a threat actor decides to directly target a victim and gains access to some of their personal information, the emails would be much more sophisticated. These emails would address recipients by name, have no mistakes (or at least not obvious ones), and mention some detail that would give them more credibility. Therefore, it is strongly recommended to scan any unsolicited email attachments with anti-virus software or VirusTotal before opening them.

Malware is frequently distributed via torrents. Since torrent websites are often not well-moderated, criminal actors can post torrents that contain malware. Your chances of running into malware significantly increase if you use torrents to download copyrighted content for free. The majority of malware is typically found in torrents related to entertainment, specifically in torrents for video games, TV series, and movies. Using torrents to download copyrighted content is not only dangerous for your computer and data, but it is also technically stealing.

Nuis ransomware removal

Manual Nuis ransomware removal is not a good idea because ransomware is a very sophisticated threat that requires professional removal. You can end up doing more harm to your computer if you don’t know exactly what you’re doing. Using anti-virus software to remove Nuis ransomware is significantly safer, not to mention easier. You can access your backup and begin restoring your files after the ransomware has been completely removed from the computer by your anti-virus.

Your only choice is to wait for a free Nuis ransomware decryptor to be released if you do not have files stored in a backup. Although it is uncertain when or even if that will happen, it is still a good idea to back up your encrypted files while you wait for a free Nuis ransomware decryptor to be released. If it is ever released, it will be available on NoMoreRansom.

Nuis ransomware is detected as:

  • Win32:CrypterX-gen [Trj] by AVG/Avast
  • VHO:Trojan.Win32.Agent.gen by Kaspersky
  • Trojan:Win32/Sabsik.FL.B!ml by Microsoft
  • Trojan.MalPack.GS by Malwarebytes

Nuis ransomware detections


Quick Menu

Step 1. Delete Nuis (.nuis) ransomware using Safe Mode with Networking.

Remove Nuis (.nuis) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Nuis (.nuis) ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Nuis (.nuis) ransomware
Remove Nuis (.nuis) ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Nuis (.nuis) ransomware

Step 2. Restore Your Files using System Restore

Delete Nuis (.nuis) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Nuis (.nuis) ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Nuis (.nuis) ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Nuis (.nuis) ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Nuis (.nuis) ransomware removal - restore message
Delete Nuis (.nuis) ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Nuis (.nuis) ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Nuis (.nuis) ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Nuis (.nuis) ransomware - restore init
  8. Choose the restore point prior to the infection. Nuis (.nuis) ransomware - restore point
  9. Click Next and then click Yes to restore your system. Nuis (.nuis) ransomware removal - restore message


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Incoming search terms:

Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply