The developers of the nasty Nemty Ransomware have adopted a novel mal-spam technique to spread it across the cyber-world. This ongoing spam e-mail campaign delivers devious mails to the targeted users, masquerading as messages from secret lovers.
A mere click on these deceitful mails delivers malevolent Nemty Ransomware payloads to the victim’s system.
Cyber-security researchers recently discovered this ongoing love-letter spam & found that hackers have been distributing the malicious messages persistently since 26th February 2020.
The nasty Nemty Ransomware first came into the limelight in August 2019. It is known for infecting a substantial number of computer users from around the world. This high-risk file virus used exposed Remote Desktop Connections to proliferate its infection. It would encrypt files & demand a ransom of 0.09981 Bitcoin in exchange for the Nemty decryptor & unique private key.
In November, the developers of Nemty partnered with Trik Botnet (Trojan.Wortrik) to expand its reach. Once systems are compromised with the Trojan, Nemty Ransomware payloads would be delivered to them.
Initially, the developers used RIG Exploit kits & malicious spam campaigns to distribute Nemty infection. Most of the Nemty victims were reported in China & Korea.
It later used Trik Botnet to spread its infection.
Though Nemty File Virus appeared to be ordinary malware at first, the constant change in its spread techniques made it evident that the malware is evolving & may pose a serious threat in the coming days.
The devious Nemty Ransomware is currently using a spam e-mail campaign to deliver Nemty payloads to the compromised systems. The e-mails sent out by the hackers are disguised as texts from secret lovers.
The attackers have smartly chosen enticing subject lines to swindle innocent users into thinking that the e-mail was sent by an acquaintance. The e-mail consists of a love letter template with subject lines such as “Don’t Tell Anyone”, “I Love You”, “Can’t Forget You”, “Will be Our Secret” & “Letter for You”.
What makes this love letter spam different from others is that these enticing e-mails contain a wink text emoticon [ 😉 ] as the only content.
Each e-mail contains a ZIP archive named ‘LOVE_YOU_xxxxxx_2020.zip’, the sources state. The x characters represent a random string that is unique for every targeted user.
This script is used to drop the Nemty Ransomware executable on the target’s system after the malicious payload is downloaded from the remote server.
The researchers found that upon execution, Nemty Ransomware encrypts the system files & drops a ransom-demanding note that asks victims to pay the ransom in exchange for the decryption key & unique key.
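The three traits described above (the listed subject lines, a body holding only a wink, and the LOVE_YOU archive name) can be checked at a mail gateway or over a mailbox export. The following Python is an added example, not code from the researchers; the function names, the treatment of each x in the archive name as one alphanumeric character, the text forms of the wink, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article, lower-cased with plain apostrophes.
SUBJECTS = {"don't tell anyone", "i love you", "can't forget you",
            "will be our secret", "letter for you"}
# Attachment name from the article; ASSUMPTION: each "x" is one alphanumeric.
ZIP_NAME = re.compile(r"LOVE_YOU_[0-9A-Za-z]{6}_2020\.zip", re.IGNORECASE)
# ASSUMPTION: the wink may arrive as the emoji or as a text emoticon.
WINKS = {";)", ";-)", "\U0001F609"}

def _norm(text):
    # Fold curly apostrophes, case and spacing so "Don’t" matches "don't".
    return " ".join(str(text).replace("\u2019", "'").lower().split())

def campaign_traits(raw):
    """Return which of the three described traits one raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    if _norm(msg["Subject"] or "") in SUBJECTS:
        hits.add("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip() in WINKS:
        hits.add("wink_only_body")
    if any(ZIP_NAME.fullmatch(part.get_filename() or "")
           for part in msg.iter_attachments()):
        hits.add("zip_name")
    return hits

def should_quarantine(raw):
    # Require the archive name plus one more trait to limit false positives.
    hits = campaign_traits(raw)
    return "zip_name" in hits and len(hits) >= 2

def make_sample(subject, body, filename):
    # CONSTRUCTED test message with a dummy attachment; not a real sample.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content(body)
    m.add_attachment(b"dummy", maintype="application", subtype="zip",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    spam = make_sample("Don\u2019t Tell Anyone", "\U0001F609",
                       "LOVE_YOU_4f9k2a_2020.zip")
    print(sorted(campaign_traits(spam)), should_quarantine(spam))
```

Subject lines and file names are cheap for the sender to change, so a rule like this is best paired with a general policy on script files inside archives.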
The operators of this nasty File Virus revealed last month that they will soon create a leak blog. The blog will be used to publish information gathered from the victims who refused to pay the ransom.
Nemty has decided to follow in the footsteps of Maze Ransomware, which started the trend of leaking the gathered information on a blog.