- Home
- Detectable Ransomware
- Nokoyawa
Ransomware Research
Nokoyawa Ransomware
Nokoyawa is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on February 1, 2022, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: UserNamme.
Quick Facts
- Ransomware Family
- Nokoyawa
- First Seen
- February 1, 2022
- Known Aliases
- UserNamme
How Nokoyawa Ransomware Works
Targeted Files
https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokayawa-variant
File Encryption Patterns
Nokoyawa modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..NOKOYAWA
Ransom Note and Payment Demands
After encrypting files, Nokoyawa displays ransom notes demanding payment for file recovery:
NOKOYAWA_readme.txt
Ransom message:
notes/NOKOYAWA_readme.txt
Note locations:
EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with Nokoyawa ransomware:
xxx.exe
444cb41f-ba4d-443e-ab42-322ae70c7197
w1.exe_
Elastio Can Help You
Don't let Nokoyawa ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Nokoyawa ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Nokoyawa.
Last updated: July 30, 2025