Nemty Ransomware is the recent weapon in the arsenal of the gigantic Ransomware family. It is a high-risk Ransomware-infection that has been developed with a strong financial motive. It is currently spreading at an alarming rate via exposed Remote Desktop Connections.
Once the system is infected, it searches the system for the targeted files. When found, it employs complex Encryption Algorithms to make encrypt the files & instantly makes its inaccessible. It renames the files by adding Nemty extension to the file names.
Following the encryption of the targeted files, it drops a ransom-demanding note in all the existing folders that contain .Nemty files. This ransom-demanding note is in text format & named “NEMTY-DECRPYT.txt”
The note suggests that the only way to restore the encrypted files is to contact the hackers & pay ransom amount. It further states that failing to co-operate with the hackers can lead to permanent loss of the encrypted data.
The developers claim to restore the encrypted files, only if the victim agrees to follow the instructions given by the hackers.
You may wonder about the authenticity of the claims made by hackers. Well, we suggest you not to contact the hackers. Analysis by the cyber security experts has revealed that victims that pay the ransom not always receive positive answer from the hackers.
Hackers avoid responding the victims after receiving the ransom amount. Therefore, victims should act smart & not let the hackers extort money from them.
So, how can you stop Nemty Ransomware from infecting your system? Read on to learn how you can protect yourself from Ransomware & prevent your data from getting encrypted.
|Symptoms||It infiltrates your system with the motive to encrypt stored files. After successful encryption, the virus demands Ransom money to decrypt them.|
|Damage||You cannot open a locked file without paying the asked ransom. Additionally, it may increase the malicious payload in your system.|
|Removal||Download Removal Tool|
Nemty Ransomware is the name of the recent threat to the computer users around the world. This brand-new addition to the gigantic family of Ransomware is spreading mainly through the exposed Remote Desktop Connections.
While Remote Desktop Connections distribution technique is not new for Ransomware propagation, it is considered a more treacherous method when compared to phishing techniques.
After gaining illicit access to the systems via RDP, the hackers get an unregulated entry to the targeted system to launch attacks & propagate wider distribution of malware without the user’s intervention.
Once installed, Nemty crypto virus looks for certain targeted file extensions on the infected system. When found, it employs highly complex Encryption Methods like RAS (Rivest–Shamir–Adleman) & AES (Advanced Encryption Standard) to encrypt the files. These algorithms are also used to generate unique decryption keys for each targeted system.
The encrypted are renamed by appending .Nemty Extension to the file-names. For example, a file named “presentation1.ppt” might be renamed as “presentation.ppt.nemty”.
Detailed analysis has revealed that Nemty File virus also deletes the shadow copies for the encrypted files. Hence, it effectively removes the only way using which the victims could restore the encrypted files for free.
In addition to that, it modifies the Windows Registry & primarily targets certain system files. It is capable of gathering personal information of the victim’s system such as Username, OS Version, and Computer ID & send it back to the hackers.
Once the files are encrypted, .Nemty virus Ransomware drops a ransom note in all the existing folders that contain .Nemty files. This ransom note is a text file named as NEMTY-DECRYPT.txt.
The note contains certain instructions for the victims for getting their data decrypted. It asks the victims to visit a payment portal hosted on a Tor Network, a dark web course designed for anonymous web surfing. Victims are required to pay 0.09981 Bitcoin (equivalent to $1,010.74) in exchange of the Nemty decryption tool & unique key. Failing to pay the ransom in the predefined time limit can lead to increase in the ransom amount by 50%.
However, contacting the hackers & paying the ransom is not always a reliable way to recover .Nemty files. Studies have shown that hackers avoid responding the victims once the payments are received.
Therefore, all the encouragements to contact the hackers & pay the ransom should be ignored.
Sadly, the removal steps of Nemty & .Nemty file decryption are not known at this time. Hence, computer users are advised to employ good security practices & take back-up of the data regularly on an external storage device.
While Nemty Ransomware is a relatively new addition to the family of Ransomware, it has witnessed a few iterations in a considerable short span. Nemty Ransomware variants used different spread techniques to propagate its infection.
Upon execution, this file loaded a malicious version 1.4 of the Nemty Crypto Virus.
The last of the Nemty Ransomware variants used an entirely different exploit kit named Radio Exploit Kit to propagate. In addition to that, phishing e-mails containing infected attachments are being used to trick the users. A mere click on the infected attachments runs the executable files; hence it makes the exploit successful. Thus, Nemty Ransomware is downloaded & executed on the targeted system.
This new Nemty variant contains malign codes for killing the processes & services so as to encrypt the files currently in use with ease.
Some of the processes at the target of the Nemty include WordPad, Microsoft Word, SQL, VirtualBox Software, Microsoft Excel & Outlook Thunderbird E-mail Clients.
Countries currently at the target of Nemty include Russia, Belarus, Kazakhstan, Tajikistan, Ukraine, Azerbaijan, Armenia, Kyrgyzstan and Moldova.
The cyber-criminals use various strategies for Nemty Ransomware distribution which include –
Other prominent spread techniques include exposed Remote Desktop Connections, fake PayPal Sites, RIG Exploit Kits & Radio Exploit Kits.
The removal steps of the Nemty Ransomware are still not known at this time. However, here are few common measures that have been concluded after proper research & analysis by our analysts.
To restart the system to Safe Mode with Networking, if already switched ON then follow the below steps:
5 Once the system restarts, click on the username and enter the password (if any) to log in.
Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.
After the user enters admin credentials, Command prompt window is displayed wherein you are entitled to enter the below commands:
For Windows 7
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.