This is the first version of Nemty ransomware, so named after the extension it adds to files after the encryption process.
# The ransom demand
Like any file-encrypting malware, Nemty deletes the shadow copies of the files it processes, taking away the option of recovering versions of the data as created by the Windows OS. Victims will see a ransom note stating that the attackers hold the decryption key and that the data is recoverable for a price.
In testing, the ransom demand was BTC 0.09981, which currently converts to around $1,000. The payment portal is hosted anonymously on the Tor network, and users must upload their configuration file. Based on this, they are given a link to another website with a chat feature and additional information on the demands.
## Messages in the code
Security researcher Vitali Kremez took a closer look at the malware and noticed the unusual name of the mutex object. The author called it “detest,” as can be seen in the following image.
A mutually exclusive object (mutex) is a flag that lets programs control resources by allowing access to a single execution thread at a time.

Another strange thing Kremez noticed in Nemty’s code is a link to a picture of Vladimir Putin, with a caption stating, “I’ve added you to the list of [insult], but only with pencil for now.”

The researcher found a direct message to the antivirus industry. At first, the reference seemed an odd thing in the code, but a second look at how Nemty works revealed that it was the key for decoding base64 strings and creating URLs.

How Nemty is distributed is uncertain, but Kremez learned from a reliable source that the operators deploy it via compromised remote desktop connections. Unlike phishing email, which is currently the common distribution method, using an RDP connection puts the attacker in control, as they no longer have to wait for the victim to take the phishing bait.

Kremez published his Nemty research notes, where he lists the folders (anything needed to boot the OS) and file extensions (binaries, shortcuts, and log data) that are not touched by the malware.