Malware spotlight: Nemty

Introduction

If the last five years or so have proven anything, it is that ransomware is here to stay as a threat in the cybersecurity wild. That is no reason to ignore the deluge of new types of malware that are discovered weekly, as the recently discovered malware family Nemty has demonstrated.

While at first it appeared to be almost run-of-the-mill malware, Nemty has assimilated some dangerous and destructive techniques and tactics used by previously seen ransomware, becoming a formidable information security foe for those unprepared.

This article will explore Nemty malware from a high-level view. We’ll look at what Nemty is, how it spreads and how it works, as well as useful prevention tips. 

What is Nemty?

Nemty is a type of ransomware that was discovered in the cybersecurity wild in mid-August of 2019. At first, it was not too different from other types of ransomware aside from the fact that compromised systems would display a note from “NEMTY PROJECT” — which is still the easiest way for victims to know who is behind their ransomed files.

Over time, Nemty took on characteristics used by other types of ransomware, making it clear that it was a dangerous work in progress that needed to be taken seriously. These assimilated traits include leveraging the RIG exploit kit and doxing victims of its ransomware campaign. However, this should not distract from the fact that Nemty is truly its own animal: aside from the note mentioned above, Nemty also contains an Easter egg of a photo of the president of the Russian Federation, Vladimir Putin, along with an abusive message for the Nemty victim.

How does Nemty spread?

Nemty spreads through several methods. When it was first discovered, Nemty was spread via phishing emails (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ofl1BTzrYlo/
