April 19, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
August 27, 2019Rewterz Threat Alert – Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes
August 27, 2019Rewterz Threat Advisory – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
August 27, 2019Rewterz Threat Alert – Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes
August 27, 2019
Severity
Medium
Analysis Summary
A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. The researchers call it Nemty.
This is the first version of Nemty ransomware, named so after the extension it adds to the files following the encryption process.
Like any proper file-encrypting malware, Nemty will delete the shadow copies for the files it processes, taking away from the victim the possibility to recover versions of the data as created by the Windows operating system.
Victims will see a ransom note informing that the attackers hold the decryption key and that data is recoverable for a price.
The payment portal is hosted on the Tor network for anonymity, and users have to upload their configuration file.
Based on this, they are provided with the link to another website that comes with a chat function and more information on the demands.
Impact
File encryption
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on the link//attachments sent by unknown senders.