This is an early version of the Nemty ransomware, and it appends its file extension to files after the encryption stage.
# The demand for ransom
Like any file-encrypting malware, Nemty deletes the shadow copies of the files it processes, removing the option of recovering earlier versions of data that the Windows OS keeps. Victims see a ransom note stating that the attacker holds the decryption key and that the data is recoverable for a price.
In tests, the ransom demand was 0.09981 BTC, which currently converts to around $1,000. The payment portal is hosted anonymously on the Tor network, and the victim must upload their configuration file. Based on this, a link to another site with a chat feature and additional information on the demands is provided.
## Messages in the code
Security researcher Vitali Kremez looked more closely at the malware and pointed out the unusual name of the mutex object. The author calls it "hate," as can be seen in the screenshot below.
A mutually exclusive object (mutex) is a flag that lets programs control a resource by granting access to a single execution thread at a time; a hardcoded name like this one also makes a useful indicator for analysts.

Another unusual thing Kremez noted in Nemty's code is a link to an image of Vladimir Putin, with a caption stating, "I've added you to the list of [abusive], but for now only in pencil."

The researcher also found a direct message to the antivirus industry. At first, the reference looked like an odd thing in the code, but on a second look at how Nemty works, it turned out to be the key for decoding base64 strings and building URLs.

How Nemty is distributed is unclear, but from a reliable source Kremez learned that operators spread it via compromised remote desktop connections. Unlike phishing emails, which are currently the common distribution method, using an RDP connection favors the attacker, who no longer has to wait for the victim to take the phishing bait.

Kremez published his Nemty research notes, where he lists the folders (whatever is needed to boot the OS) and file extensions (binaries, shortcuts, and log data) that the malware does not touch.
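The paragraph above says a string embedded in the binary turned out to be the key for decoding base64 blobs into URLs, but it does not describe the scheme. The example below is added here and is not code from the article or from Nemty: it assumes a common malware string-obfuscation layout (plaintext XORed with a repeating key string, then base64-encoded) and shows how an analyst would test candidate keys against embedded blobs and keep only decodings that look like URLs. The key, the URLs and the blobs are constructed for the demo.

```python
import base64
import string

# Constructed demo key (assumption: the article names no key and no scheme).
DEMO_KEY = "av-vendors-hello"


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; this is the assumed obfuscation layer."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate(plaintext: str, key: str) -> str:
    """base64(xor(plaintext, key)): how such a string would sit in the binary."""
    return base64.b64encode(xor_with_key(plaintext.encode(), key.encode())).decode("ascii")


def deobfuscate(blob: str, key: str) -> bytes:
    """Reverse of obfuscate(); returns raw bytes because a wrong key yields garbage."""
    return xor_with_key(base64.b64decode(blob), key.encode())


def looks_like_url(candidate: bytes) -> bool:
    """Plausibility check used to tell a correct key from a wrong one."""
    try:
        text = candidate.decode("ascii")
    except UnicodeDecodeError:
        return False
    return text.startswith(("http://", "https://")) and all(c in string.printable for c in text)


def recover_urls(blobs, key_candidates):
    """Try each candidate key on each blob; keep the first (key, url) pair that decodes cleanly."""
    found = []
    for blob in blobs:
        for key in key_candidates:
            plain = deobfuscate(blob, key)
            if looks_like_url(plain):
                found.append((key, plain.decode("ascii")))
                break
    return found


# Constructed embedded strings, not real Nemty artifacts.
EMBEDDED = [
    obfuscate(u, DEMO_KEY)
    for u in ("http://example.invalid/payment", "https://example.invalid/chat")
]

if __name__ == "__main__":
    # "hate" (the mutex name from the article) and "wrongkey" are tried as decoys.
    for key, url in recover_urls(EMBEDDED, ["hate", "wrongkey", DEMO_KEY]):
        print(f"key={key!r} -> {url}")
```

Only the demo key survives the URL check; decoy keys such as the mutex name decode to non-printable bytes and are rejected, which is the same filtering an analyst applies when a suspicious string in a sample is tried as a decoding key.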