
NEFILIM Ransomware

Posted: March 18, 2020

The NEFILIM Ransomware is a file-locking Trojan that's independent of any known family or Ransomware-as-a-Service (RaaS). Installations may use digital certificates as part of their disguise while sabotaging the user's media files by encrypting them. Users should keep backups for recovery and let their preferred anti-malware products contain or delete the NEFILIM Ransomware on sight.

A Surprisingly Cross-Cultural Trojan's Campaign

Russia is the possible origin of another file-locking Trojan's campaign, but with a name hearkening back to ancient elements of Jewish folklore. The NEFILIM Ransomware has no identifiable relatives, but its attacks are very similar to those of the Scarab Ransomware, the Globe Imposter Ransomware, and other Ransomware-as-a-Service families. Whatever its actual origin, the Trojan is another source of danger to unbacked-up files for Windows users around the world.

The NEFILIM Ransomware is circulating with digital certificates signed by Sectigo and a medical supplies company, which may trick some security products into not identifying it as threatening. The 32-bit Windows program generates a Russian-language mutex during its installation before commencing with attacks that are common among most file-locker Trojans. It encrypts a vast range of file formats, including most media, and adds 'NEFILIM' extensions onto their names as indicators of the blockade. This attack keeps the user from opening most of their files.

The NEFILIM Ransomware's monetization element comes through a Notepad text file that it creates, which offers general, English-language directions and several e-mail addresses for negotiating. Although the NEFILIM Ransomware's authors offer limited free samples, the cost of gaining access to the full decryption service is unknown. As usual, the threat actor may or may not follow through on any promises they make during the negotiations.
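The two indicators the write-up describes, files renamed with a 'NEFILIM' extension and a dropped text note that points victims to e-mail addresses, are the kind of on-disk artifacts a defender can sweep a file share for. The following scanner is an added example written for this page, not code from the original write-up or from any vendor. The sample directory tree, the file names, the note wording and the note-detection heuristic (a small .txt file that mentions decryption and contains an e-mail address) are all constructed assumptions; the write-up does not name the ransom note file.

```python
"""
Added example (not from the original write-up): a defender-side scanner that
looks for the file-name marker the page describes, a 'NEFILIM' extension
appended to encrypted files, plus a dropped text note, and reports which
directories are affected. The sample tree, file names and note heuristic
are constructed for this example; the write-up names no note file.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".NEFILIM"  # extension the write-up reports on locked files

# Heuristic (an assumption): a ransom note mentions decryption and an e-mail
NOTE_HINTS = ("decrypt", "@")


def is_ransom_note(path: Path) -> bool:
    """Heuristic: a small .txt file whose text mentions decryption and an e-mail."""
    if path.suffix.lower() != ".txt" or path.stat().st_size > 64 * 1024:
        return False
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return all(hint in text for hint in NOTE_HINTS)


def scan_for_nefilim(root) -> dict:
    """Walk `root` and summarise NEFILIM indicators per directory."""
    root = Path(root)
    encrypted = []
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.endswith(ENCRYPTED_EXT):
                encrypted.append(p)
            elif is_ransom_note(p):
                notes.append(p)
    # Directories (relative to root) holding at least one renamed file
    affected_dirs = sorted({str(p.parent.relative_to(root)) for p in encrypted})
    return {
        "encrypted_count": len(encrypted),
        "note_count": len(notes),
        "affected_dirs": affected_dirs,
        "infected": bool(encrypted) or bool(notes),
    }


def build_sample_tree() -> str:
    """Create a constructed directory tree that mimics a partially locked share."""
    root = tempfile.mkdtemp(prefix="nefilim_demo_")
    docs = Path(root, "docs")
    pics = Path(root, "pics")
    docs.mkdir()
    pics.mkdir()
    # Untouched files
    (docs / "notes.txt").write_text("meeting at noon")
    (pics / "ok.png").write_bytes(b"\x89PNG\r\n")
    # Files carrying the reported extension; contents are arbitrary bytes
    (docs / "budget.xlsx.NEFILIM").write_bytes(os.urandom(32))
    (docs / "report.docx.NEFILIM").write_bytes(os.urandom(32))
    # Constructed ransom note; wording and address are invented for the example
    (docs / "README.txt").write_text(
        "Your files are encrypted. To decrypt, write to attacker@example.com"
    )
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    print(scan_for_nefilim(sample))
```

Run it as-is to see the summary for the constructed tree; point `scan_for_nefilim` at a real share root to get the same per-directory summary, which is enough to decide which directories to isolate and restore from backup.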

Shutting Trojans Back into the History Books

The NEFILIM Ransomware's name refers to the Nephilim race of Biblical times, but its distribution shows no particular preference for religious demographics or specific regions of the world. Users should continue protecting themselves with all appropriate steps, including:

  • Create backups of files such as documents for restoring from encryption attacks.
  • Deactivate or secure RDP and other remote administration features.
  • Avoid passwords that criminals could compromise through brute-forcing, including prevalent ones or ones associated with particular brands of hardware (such as a router).
  • Remain cautious around e-mail attachments, torrents, and download links through advertising content, which are highly-active infection vectors.

The NEFILIM Ransomware poses little to no danger to the user's operating system but will encrypt most files other than Windows components. Since there isn't a free decryption solution for its payload, users should depend on anti-malware tools for catching and removing the NEFILIM Ransomware in time.

The investment in digital certificate signing makes the NEFILIM Ransomware a little more professional than the average lone Russian Trojan project. Users should take it as seriously as it warrants and protect their files before the worst happens.
