Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware.

If you’ve been kicking around in the world of IT security for more years than you’d like to admit, then you’ll surely remember the ILOVEYOU virus (also known as the “Love Bug” or “Loveletter”).

When the Love Bug virus struck in May 2000, it tricked millions of people into opening its malicious attachment by posing as a love letter from a friend or colleague. It wasn’t a particularly sophisticated piece of malware, but as a piece of social engineering, it was undeniably genius.

After all, who doesn’t love the idea of receiving an email with the subject line “ILOVEYOU”?

Perhaps memories of the Love Bug were high in the minds of those responsible for a current campaign involving the Nemty ransomware, which seems to be using very similar tactics.

As Bleeping Computer reports, malicious emails are being sent out with subject lines like:

  • I love you
  • Can’t forget you
  • Don’t tell anyone
  • Letter for you
  • Will be our secret

Attached to each email is a ZIP archive file named LOVE_YOU_######_2020.zip (where the ###### represents random characters), and inside that archive is a malicious script called LOVE_YOU.js.

As in affairs of the heart, one things lead to another. In this case, the malicious Javascript downloads the Nemty ransomware from the internet and runs it on your computer, encrypting files and demanding a ransom payment for the decryption key.

The start of the ransom note reads as follows:

—> NEMTY 2.5 REVENGE <—

Some (or maybe all) of your files got encryped.
We provide decryption tool if you pay a ransom.

Don’t worry, if we can’t help you with decrypting – other people won’t trust us. We provide test description, (Read more...)