
Nemty Ransomware

Posted: August 29, 2019

The Nemty Ransomware is a variant of the JSWorm Ransomware, a file-locker Trojan. While the Nemty Ransomware uses a new message for soliciting ransoms, it still encrypts your files and blocks access to them. Backups kept on other systems will protect your work, and most anti-malware tools should remove the Nemty Ransomware by default.

A Fake Worm Changes Heads

The confusingly-named JSWorm Ransomware, a C++ Windows program that is a Trojan rather than a worm, has a variant in the wild. The Nemty Ransomware changes many elements of the older Trojan, but its method of making money is unchanged: encrypting files and ransoming their decryptor. Without a decryptor or a backup, its victims have poor odds of recovering their work.

The Nemty Ransomware still targets Windows environments, but its encryption routine swaps the algorithm from Blowfish to AES. The change is most likely meant to keep the Trojan "secure" from analysts: any decryption solution that worked against the previous Trojan will not work on the Nemty Ransomware's files. Like other file-locking Trojans, the Nemty Ransomware uses its data-encrypting routine to block most work- and recreation-related content on your computer, such as documents. It also carries a blacklist of formats that it skips during the attack, such as program EXEs (executables).

Samples of the Nemty Ransomware also include the standard anti-recovery and backup-wiping features of this class of threat: after installation it suppresses boot-status error messages, deletes the Shadow Volume Copies, and turns off the Windows Automatic Repair feature. None of these features is rare, but their presence in the Nemty Ransomware leads malware experts to highlight its development beyond the JSWorm Ransomware's more limited code. In practice, the deletion of the Shadow Volume Copies means that the Windows Previous Versions feature cannot restore the encrypted files; only backups kept off the compromised system remain.
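The three recovery-disabling actions above are all carried out through a handful of well-known Windows commands, which makes them a good detection point in process-creation telemetry (Sysmon Event ID 1 or Security Event ID 4688). The script below is an added example, not code from the article or from any Nemty sample: it parses a constructed, simplified key=value event log, classifies each command line against the standard commands for each action (the article does not quote Nemty's exact strings, so the regexes are my assumption), and escalates a host to high severity when two or more distinct techniques are seen on it.

```python
import re
from collections import defaultdict

# Standard Windows command lines for the three actions the article lists.
# These are the commonly used commands for each action; the exact strings a
# given Nemty build runs are not quoted in the article, so the patterns are an
# assumption, not a sample-derived signature.
RULES = [
    ("shadow_copies_deleted",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow_copies_deleted",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("backup_catalog_deleted",
     re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
    ("automatic_repair_disabled",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I)),
    ("boot_status_errors_suppressed",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b", re.I)),
]

# Constructed sample events in a simplified key=value format (not real logs).
# WS01 shows the Nemty-style burst; WS02 and SRV01 are benign noise, including
# a harmless 'vssadmin list shadows' that must not fire.
SAMPLE_EVENTS = r"""
2019-08-29T10:15:01Z host=WS01 user=alice image=C:\Windows\System32\cmd.exe cmdline="cmd /c vssadmin delete shadows /all /quiet"
2019-08-29T10:15:01Z host=WS01 user=alice image=C:\Windows\System32\cmd.exe cmdline="cmd /c bcdedit /set {default} bootstatuspolicy ignoreallfailures"
2019-08-29T10:15:02Z host=WS01 user=alice image=C:\Windows\System32\cmd.exe cmdline="cmd /c bcdedit /set {default} recoveryenabled no"
2019-08-29T10:20:44Z host=WS02 user=bob image=C:\Windows\System32\notepad.exe cmdline="notepad.exe C:\Users\bob\notes.txt"
2019-08-29T11:02:10Z host=SRV01 user=backupsvc image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin list shadows"
"""

EVENT_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+'
    r'image=(?P<image>\S+)\s+cmdline="(?P<cmdline>[^"]*)"$'
)


def parse_events(text):
    """Parse the constructed key=value format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify(cmdline):
    """Return the sorted, de-duplicated rule names that a command line triggers."""
    return sorted({name for name, rx in RULES if rx.search(cmdline)})


def detect(text):
    """Group matching commands per host.

    One technique alone is worth a look ('medium'); two or more distinct
    techniques on the same host is the ransomware pre-encryption pattern
    described in the article and is rated 'high'.
    """
    hits = defaultdict(lambda: {"techniques": set(), "commands": []})
    for ev in parse_events(text):
        names = classify(ev["cmdline"])
        if names:
            h = hits[ev["host"]]
            h["techniques"].update(names)
            h["commands"].append((ev["ts"], ev["user"], ev["cmdline"]))
    alerts = []
    for host, h in hits.items():
        severity = "high" if len(h["techniques"]) >= 2 else "medium"
        alerts.append({"host": host, "severity": severity,
                       "techniques": sorted(h["techniques"]),
                       "commands": h["commands"]})
    return sorted(alerts, key=lambda a: a["host"])


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['severity'].upper()}] {alert['host']}: "
              f"{', '.join(alert['techniques'])}")
        for ts, user, cmd in alert["commands"]:
            print(f"    {ts} {user}: {cmd}")
```

The severity logic is deliberately simple: a single `vssadmin delete shadows` can be legitimate administration, but the combination with `bcdedit` changes to `recoveryenabled` and `bootstatuspolicy` within the same host is rarely anything but a file-locker preparing to encrypt. Deploying this for real means feeding it actual Sysmon or 4688 output and tuning the exclusions for your backup tooling.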

Taking Care of an Update to Old Security Problems

The Nemty Ransomware's payload includes some network activity, and malware experts recommend disconnecting the infected PC from the Internet while dealing with the infection. Threat actors may use such channels as backdoors for dropping other threats onto your PC, collecting system data, or even harvesting credentials. Even if the Nemty Ransomware only encrypts content, that attack by itself endangers most of the files on your PC.

Victims are unlikely to mistake the Nemty Ransomware for its ancestor: it drops a TXT ransom note whose contents differ from the JSWorm Ransomware's HTML equivalent. They can contact a cyber-security specialist to investigate whether the new encryption routine can be decrypted or, ideally, recover their work from a backup. Backing up to removable devices or to a secure, remote server is the most reliable way of countering any Trojan's file-locking features; a removable backup drive should stay disconnected when not in use, since file-lockers encrypt attached drives along with the local disk.

The Nemty Ransomware keeps a short list of regions that it won't attack, which it determines from language settings, IP addresses, and other environmental information. So far, this list includes Russia and adjacent nations such as Ukraine. Anti-malware products should protect other users sufficiently by removing the Nemty Ransomware when they detect it.

With the Nemty Ransomware, the JSWorm Ransomware's threat actor shows that it is not a one-off operation but a long-term business. Users can deny that business its revenue by minding their file-storage habits, above all by keeping current backups off the systems they work on.
