Threat Spotlight: Nuke Ransomware

Nuke ransomware, first identified in 2016, encrypts files with a 256-bit AES key, which is in turn protected by encrypting it asymmetrically with 2048-bit RSA. Once a file is encrypted, Nuke changes the file name to a combination of random characters followed by a .nuclear55 extension. For example, an infected file name might be “ab0a+afbamcdEcmf.nuclear55”.

Once Nuke executes, it drops two files to the desktop: !!_RECOVERY_instructions_!!.html and !!_RECOVERY_instructions_!!.txt. The files inform the victim of the infection and provide details on how to pay the ransom. Nuke also changes the desktop wallpaper to alert the user to the infection.
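
For incident scoping, the file-name indicators above can be swept across a profile or file share. The following Python sketch is an added example, not part of the original write-up or any vendor tool: it counts .nuclear55 files and ransom notes per directory and returns the earliest modification time among the matches as a rough starting point for a timeline. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the write-up above.
ENCRYPTED_EXT = ".nuclear55"
NOTE_NAMES = {"!!_recovery_instructions_!!.html", "!!_recovery_instructions_!!.txt"}


def scan_tree(root):
    """Return ({dir: {"encrypted": n, "notes": [...]}}, earliest indicator mtime)."""
    hits = defaultdict(lambda: {"encrypted": 0, "notes": []})
    mtimes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"] += 1
            elif lower in NOTE_NAMES:
                hits[dirpath]["notes"].append(name)
            else:
                continue
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # unreadable file: keep the count, skip the timestamp
    return dict(hits), min(mtimes, default=None)


def build_sample(root):
    """Constructed sample tree: both ransom notes, two renamed files, one clean file."""
    layout = {
        "Desktop": ["!!_RECOVERY_instructions_!!.html", "!!_RECOVERY_instructions_!!.txt"],
        "Documents": ["ab0a+afbamcdEcmf.nuclear55", "Zq1x+9pLk.NUCLEAR55", "report.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found, first = scan_tree(tmp)
        for folder, info in sorted(found.items()):
            print(folder, info["encrypted"], sorted(info["notes"]))
        print("earliest indicator mtime:", first)
```

Directories that contain .nuclear55 files but no ransom note, or the reverse, are still reported, which helps separate partially encrypted shares from the desktop where the notes are dropped.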

Source: BlackBerry Cylance