Malware

Nemty Ransomware, a new malware appears in the threat landscape

A new ransomware, dubbed Nemty, appeared in the threat landscape over the weekend, it spreads via compromised RDP connections.

A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure.

Below the ransom note dropped by the Nemty ransomware after the encryption process is completed. Attackers demand the payment of a 0.09981 BTC ransom (roughly $1,000) through a portal hosted on the Tor network.

Source BleepingComputer

“In BleepingComputer’s tests, the ransom demand was 0.09981 BTC, which converts to around $1,000 at the moment.” reported BleepingComputer that first reported the news.

“The payment portal is hosted on the Tor network for anonymity, and users have to upload their configuration file.”

Victims could upload their configuration file, in turn, the operators behind the ransomware will provide with the link to another website that comes with a chat function and more information on the demands.

The popular malware researcher Vitali Kremez discovered that the Nemty ransomware uses an unusual name for the mutex object, “hate.”

The code also included a link to an image of the Russian President Putin and a message to the antivirus industry.

“Another weird thing Kremez noticed in Nemty’s code is a link to this picture of Vladimir Putin, with a caption saying “I added you to the list of [insult], but only with pencil for now.” continues BleepingComputer.

“At first, the reference seemed an odd thing in the code but a second look at how Nemty worked revealed that it was the key for decoding base64 strings and create URLs is a straight message to the antivirus industry.”

The malware also checks if the ransomware is infecting a computer in Russia, Belarus, Kazakhstan, Tajikistan, and Ukraine, but unlike other threats, this information is not used to halt the encryption process.

According to Kremez, the ransomware is dropped via compromised remote desktop connections.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Nemty ransomware, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

11 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

17 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.