Nemty Ransomware
Ransomware | 03/03/2020

Nemty Ransomware Love Letter Spam helps it spread infection



The developers of the nasty Nemty Ransomware have adopted a novel mal-spam technique to spread its wings in the cyber-world. This ongoing spam e-mail campaign delivers devious mails to the targeted users, masquerading as messages from secret lovers.

Nemty Malspam E-mail

A mere click on these deceitful mails distributes malevolent Nemty Ransomware payloads on the victim’s system.

Cyber-security researchers recently discovered this ongoing love letter spam & found that the hackers have been distributing malicious messages persistently since 26th February 2020.

Insight into recent Attack of Nemty Ransomware

The nasty Nemty Ransomware first came into the limelight in August 2019. It is known for infecting a substantial number of computer users around the world. This high-risk file virus used exposed Remote Desktop Connections to proliferate its infection. It would encrypt files & demand a ransom of 0.09981 Bitcoin in exchange for the Nemty decryptor & unique private key.

In November, the developers of Nemty partnered with Trik Botnet (Trojan.Wortrik) to expand its reach. Once systems were compromised by the Trojan, Nemty Ransomware payloads would be delivered to them.

The Spread Techniques of Nemty File Virus

Initially, the developers used RIG Exploit kits & malicious spam campaigns to distribute Nemty infection. Most of the Nemty victims were reported in China & Korea.

It later used Trik Botnet to spread its infection.

Though Nemty File Virus appeared to be ordinary malware at first, the constant change in its spread techniques made it evident that the malware is evolving & may pose a serious threat in the coming days.

The Novel Love Letter Spam of Nemty Ransomware

The devious Nemty Ransomware is currently using a spam e-mail campaign to deliver Nemty payloads to the compromised systems. The e-mails sent out by the hackers are disguised as messages from secret lovers.

The attackers have smartly chosen enticing subject lines to swindle innocent users into thinking that the e-mail was sent by an acquaintance. The e-mail consists of a love letter template with subject lines such as “Don’t Tell Anyone”, “I Love You”, “Can’t Forget You”, “Will be Our Secret” & “Letter for You”.

What makes this love letter spam different from others is that these enticing e-mails contain a wink text emoticon [ 😉 ] as the only content.

Each e-mail contains a ZIP Archive named ‘’, the sources state. X represents a ransom string that is unique for every targeted user.

Nemty JavaScript File

Each of the archives contains a highly obfuscated JavaScript file named LOVE_YOU.js. Since this file has a negligible detection rate, it leads to a substantial increase in the number of infections.

This script downloads the malicious payload from a remote server & then drops the Nemty Ransomware executable on the target’s system.
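The traits described above (lure subject, emoticon-only body, ZIP attachment carrying a script) can be checked at a mail gateway. The following is an added example, not code from the original article or from any vendor; the extension list, the body-length threshold, the scoring and the `attachment.zip` name in the constructed sample are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article (lower-cased, straight apostrophes).
LURE_SUBJECTS = {"don't tell anyone", "i love you", "can't forget you",
                 "will be our secret", "letter for you"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")  # assumption: script types to flag

def script_members(zip_bytes):
    """Return names of script files inside a ZIP, or [] if it cannot be read."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []

def score_message(raw):
    """Return (score, reasons) for one raw RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = (msg["Subject"] or "").strip().lower().replace("\u2019", "'")
    if subject in LURE_SUBJECTS:
        reasons.append("lure subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if len(text) <= 5:  # assumption: an emoticon-only body is a few characters
        reasons.append("near-empty body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            hits = script_members(part.get_payload(decode=True))
            if hits:
                reasons.append("zip contains script: " + ", ".join(hits))
    return len(reasons), reasons

def build_sample(subject, body, member):
    """Constructed test message: ZIP attachment holding one inert text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// inert placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.test", "b@example.test"
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="attachment.zip")  # constructed placeholder name
    return msg.as_bytes()
```

A message scoring 2 or more is a reasonable quarantine candidate; a script inside an archive attachment is worth blocking on its own in most environments.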

The researchers found that upon execution, Nemty Ransomware encrypts the system files & drops a ransom-demanding note that asks victims to pay the ransom in exchange for the decryption key & unique key.

The operators of this nasty File Virus revealed last month that they will soon create a leak blog. The blog will be used to publish information gathered from victims who refused to pay the ransom.

Nemty has decided to follow in the footsteps of Maze Ransomware, which started the trend of leaking the gathered information on a blog.
