The Nevada ransomware is a new member of the Nokoyawa family. It is written in Rust, which makes it harder to debug and easier to compile as a cross-platform binary.
The ransomware inspects folders recursively and encrypts files using 2 algorithms: Salsa20 and Curve25519. The malware includes an option that lets it reboot the computer in safe mode to deactivate the Windows Defender service.
Nevada provides many other options, such as deleting shadow copies, loading hidden drives, performing encryption on network shared folders, and deleting itself after the encryption, which makes it harder to detect.
SNS, using the advanced AV option or the Breachfighter option, offers a first layer of protection by blocking the file as it enters one’s network, based on detection by its behavioral engine.
SES Evolution also detects and blocks the current Nevada ransomware with the default security policy without any updates.