
Nemesis Ransomware

Posted: January 10, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 26
First Seen: January 10, 2017
Last Seen: April 22, 2020
OS(es) Affected: Windows

The Nemesis Ransomware is a Trojan that uses encryption to block your files, after which it leaves a message instructing you to pay for their restoration. Because there is no certainty that paying will buy a working decryptor, keeping backups in secure locations is an essential defense against threats of this type. Update your anti-malware products and use them to scan all incoming files to detect and delete the Nemesis Ransomware before it infects your PC.

Your Files Have a New Nemesis

For the most part, the threat market is dominated by extended families of threats rented to con artists who tailor the details to their personal preferences. However, independent projects are also an important part of any threat database, with the Nemesis Ransomware serving as the latest example so far. Malware experts have yet to associate this Trojan with any single family, but its first and foremost impact remains locking your files, possibly irrevocably, by way of an encryption algorithm.

The Nemesis Ransomware's campaign seems to be targeting small and medium-sized business entities with financially valuable data. These attacks most often abuse e-mail-based infection vectors, although direct hacks of password-protected accounts aren't unknown. Once it infects the target PC, the Nemesis Ransomware conducts its attack as follows:

  • The Nemesis Ransomware encrypts any media, selected by format and location, with an unknown algorithm. AES-256 is currently the most popular choice among threat actors, due to its efficiency and security. Once encrypted, your files can't be opened until a decryptor restores the rearranged file data.
  • The Nemesis Ransomware also renames the encrypted files by inserting the '.v8dp' extension. This extension bears a superficial resemblance to the ones used by some versions of the Cerber Ransomware, although malware experts can't confirm any tangible connection.
  • The last function creates a local Web page file that hosts the Nemesis Ransomware's ransoming instructions. The threat actors, so far, are refusing to state their ransom costs upfront. Negotiations by past victims have placed the ransom demands at 10 Bitcoins (over nine thousand USD), an exceptionally high price.
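The script below is an added example, not part of the original article. It walks a directory tree for file names carrying the '.v8dp' extension described above, counts them per folder, and reports the earliest modification time as a starting point for choosing a backup restore point. The function names, the one-hour window, and the idea that HTML files written in affected folders around the same time are candidate ransom pages are assumptions (the article does not name the ransom page), as is the reliance on unaltered modification times.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = "v8dp"  # extension named in the article, without the dot

def has_marker(name):
    """True if 'v8dp' is one of the dot-separated extensions of a file name."""
    return MARKER in name.lower().split(".")[1:]

def original_name(name):
    """Drop the marker extension to get the likely pre-encryption name."""
    head, *exts = name.split(".")
    return ".".join([head] + [e for e in exts if e.lower() != MARKER])

def triage(root, slack=3600):
    """Walk root; report marked files and HTML files written around the same time."""
    hits, pages = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable
            if has_marker(name):
                hits.append((path, mtime))
            elif name.lower().endswith((".html", ".htm")):
                pages.append((path, mtime))
    if not hits:
        return {"count": 0, "first_seen": None, "by_dir": {}, "restore": [], "notes": []}
    first, last = min(m for _, m in hits), max(m for _, m in hits)
    by_dir = Counter(os.path.dirname(p) for p, _ in hits)
    # Assumption: the ransom page sits in an affected folder, written near the encryption run.
    notes = [p for p, m in pages
             if os.path.dirname(p) in by_dir and first - slack <= m <= last + slack]
    restore = sorted(os.path.join(os.path.dirname(p), original_name(os.path.basename(p)))
                     for p, _ in hits)
    return {"count": len(hits), "by_dir": dict(by_dir), "restore": restore,
            "first_seen": datetime.fromtimestamp(first, tz=timezone.utc),
            "notes": sorted(notes)}

if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report["count"], "marked files; earliest write:", report["first_seen"])
    for folder, n in sorted(report["by_dir"].items()):
        print(f"{n:6d}  {folder}")
```

The "restore" list holds the likely original paths to pull from backup; the script only reads file metadata and changes nothing on disk.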

Paying the Proper Price to Put an Enemy Down

Paying con artists ransom money in return for their help often comes with drawbacks, such as their unwillingness or inability to provide real solutions to the problems they cause. Since samples of the Nemesis Ransomware are currently in limited supply, interested parties should consider submitting relevant files to receptive cyber security researchers and companies. Even if a free decryptor never becomes available, paying the Nemesis Ransomware's administrators should always be a last resort, if you consider it at all.

Most of the potential damage from the Nemesis Ransomware is preventable if PC users apply robust backup strategies, such as preserving duplicates of their digital content on detached devices or cloud servers. Your anti-malware protection may also be able to identify and delete the Nemesis Ransomware, or installers for it, when you receive them through e-mail spam or website exploit kit attacks.

A crowded marketplace doesn't necessarily mean that all threats are becoming equally cheap for their victims. The Nemesis Ransomware dares to ask a high price from its victims, but for sufficiently valuable files, possibly no ransom is too high to be paid.
