Nemty Ransomware isn’t an especially well-known threat, but it’s dangerous and should not be discounted. Recently, researchers have discovered an ongoing spam-email driven campaign that’s attempting to spread the ransomware far and wide.
An unknown group of hackers is sending out, in a broad pattern, what appear to be love letters from secret admirers.
They are probably simply using email addresses purchased in bulk on the Dark Web. The emails use a variety of subject lines like “Letter for You,” “Will be our secret,” “Can’t Forget you,” and “I love you.” They have no body text and feature nothing more than a wink emoji. That is clearly a bid to entice recipients into responding by clicking on the enclosed attachment to see what all the fuss is about and get to the bottom of the mystery.
Unfortunately, those who do so doom themselves. The attached file is a poisoned JavaScript that installs the ransomware, which promptly locks the user’s files and then displays a ransom payment demand.
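The lure described above has a recognisable shape: one of a handful of subject lines, a body that is empty apart from an emoji, and a script attachment. The following Python script is an added example (not code from the original post or from any researcher it cites) showing how a mail-gateway or SOC triage hook could flag messages with that shape. The subject list comes from the campaign description; the sample messages, sender addresses and attachment names are constructed for the example, and the extra script extensions beyond `.js` are an assumed broadening of the check.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines reported for the campaign (lower-cased, trailing punctuation removed).
LURE_SUBJECTS = {"letter for you", "will be our secret", "can't forget you", "i love you"}

# Script attachment types that should never arrive as a "letter".  .js is what the
# campaign uses; the others are assumed additions to widen the net.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def normalise_subject(subject):
    """Lower-case, swap curly apostrophes for straight ones, drop trailing punctuation."""
    return subject.replace("\u2019", "'").strip().lower().rstrip(".!?")


def body_is_effectively_empty(msg):
    """True when the text parts hold nothing but whitespace or a single glyph (e.g. a wink emoji)."""
    text = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and part.get_content_disposition() is None:
            text += part.get_content()
    stripped = "".join(ch for ch in text if not ch.isspace())
    # One non-ASCII code point (an emoji) is treated the same as no body at all.
    return len(stripped) == 0 or (len(stripped) <= 2 and not stripped.isascii())


def script_attachments(msg):
    """Return the file names of attachments whose extension marks them as executable script."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(SCRIPT_EXTENSIONS):
            names.append(name)
    return names


def triage(msg):
    """Return the list of reasons this message matches the campaign pattern (empty = no match)."""
    reasons = []
    subject = normalise_subject(msg.get("Subject") or "")
    if subject in LURE_SUBJECTS:
        reasons.append(f"lure subject: {msg['Subject']!r}")
    scripts = script_attachments(msg)
    if scripts:
        reasons.append("script attachment: " + ", ".join(scripts))
        if body_is_effectively_empty(msg):
            reasons.append("empty body with script attachment")
    return reasons


def load_message(raw_bytes):
    """Parse a raw RFC 822 message (e.g. the contents of an .eml file) with the modern policy."""
    return email.message_from_bytes(raw_bytes, policy=policy.default)


def build_sample_lure():
    """Constructed sample resembling the campaign mail: lure subject, emoji-only body, .js attachment."""
    msg = EmailMessage()
    msg["From"] = "admirer@example.com"      # constructed
    msg["To"] = "employee@example.org"       # constructed
    msg["Subject"] = "Letter for You"
    msg.set_content("\U0001F609")            # wink emoji, nothing else
    msg.add_attachment(b"// constructed placeholder, not a real script\n",
                       maintype="application", subtype="javascript", filename="letter.js")
    return msg


def build_sample_benign():
    """Constructed ordinary business mail that should not be flagged."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.org"    # constructed
    msg["To"] = "employee@example.org"       # constructed
    msg["Subject"] = "Agenda for Thursday"
    msg.set_content("Hi, the agenda for Thursday's meeting is attached.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder\n",
                       maintype="application", subtype="pdf", filename="agenda.pdf")
    return msg


if __name__ == "__main__":
    for sample in (build_sample_lure(), build_sample_benign()):
        hits = triage(load_message(sample.as_bytes()))
        print(sample["Subject"], "->", hits or "clean")
```

In a deployment the script-attachment reason alone is enough to quarantine, since executable scripts almost never belong in legitimate mail; the subject and empty-body reasons are there to raise the priority of the alert and to catch variants of the campaign that swap the attachment type.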
The fact that Nemty isn’t widely known works in its favor, as it gives the malware a very low VirusTotal detection rate. That will undoubtedly lead to a higher than usual percentage of infections until an increasing number of antivirus companies add the malware to their definitions. It’s a short-term advantage, but one the hackers will surely make full use of until the AV companies catch up.
Nemty’s developers have also threatened to create a blog, which will be used to release sensitive information of those who refuse to pay the ransom.
Finally, be aware that Nemty is known for deleting shadow copies as it encrypts files. So if you’re not in the habit of making regular backups and you get hit with this strain, you will have no way of recovering your data. Make sure your employees are aware!
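Because shadow-copy deletion happens early in an infection, it is also one of the better detection opportunities. The Python below is an added example, not from the original post, of a rule set run over process-creation log lines: it flags the Windows commands commonly used to remove Volume Shadow Copies or backup catalogs. The post does not say which method Nemty itself uses, so the command patterns are assumptions drawn from general ransomware tradecraft, and the log lines are constructed for the example.

```python
import re
from collections import namedtuple

# Simplified process-creation event: comma-separated "timestamp,host,user,command_line".
Event = namedtuple("Event", "timestamp host user command_line")

# Each rule is (name, compiled regex).  These are commonly observed shadow-copy /
# backup-removal commands, assumed here; the post does not name Nemty's own method.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize_storage", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",  re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog",  re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b", re.I)),
    ("powershell_shadowcopy",   re.compile(r"\bWin32_ShadowCopy\b.*\b(Delete|Remove-WmiObject|Remove-CimInstance)\b", re.I)),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I)),
]


def parse_line(line):
    """Parse one CSV log line into an Event; the command line may itself contain commas."""
    timestamp, host, user, command_line = line.split(",", 3)
    return Event(timestamp.strip(), host.strip(), user.strip(), command_line.strip())


def match_rules(event):
    """Return the names of every rule whose pattern matches the event's command line."""
    return [name for name, pattern in RULES if pattern.search(event.command_line)]


def scan(lines):
    """Yield (Event, [rule names]) for every log line that trips at least one rule."""
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        hits = match_rules(event)
        if hits:
            yield event, hits


# Constructed sample log: two benign administrative commands and four destructive ones.
SAMPLE_LOG = """\
2020-02-25T09:12:01Z,WS-0142,alice,vssadmin.exe list shadows
2020-02-25T09:12:05Z,WS-0142,alice,"C:\\Windows\\System32\\cmd.exe" /c dir C:\\Users
2020-02-25T09:14:10Z,WS-0142,alice,vssadmin.exe delete shadows /all /quiet
2020-02-25T09:14:11Z,WS-0142,alice,wmic.exe shadowcopy delete
2020-02-25T09:14:12Z,WS-0142,alice,wbadmin.exe delete catalog -quiet
2020-02-25T09:14:13Z,WS-0142,alice,bcdedit.exe /set {default} recoveryenabled No
"""


def scan_sample():
    """Run the rules over the constructed log and return [(command_line, [rules]), ...]."""
    return [(event.command_line, hits) for event, hits in scan(SAMPLE_LOG.splitlines())]


if __name__ == "__main__":
    for event, hits in scan(SAMPLE_LOG.splitlines()):
        print(f"{event.timestamp} {event.host} {event.user}: {', '.join(hits)}")
        print(f"    {event.command_line}")
```

The `list shadows` line is deliberately left unflagged: administrators and backup software enumerate shadow copies routinely, and alerting on every `vssadmin` invocation would bury the signal. A burst of several of these rules firing on one host within seconds, as in the sample, is the pattern worth paging on.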