Threat actors behind Nemty ransomware close down their ransomware-as-a-service (RaaS) operation as they zero in on private schemes, as reported by BleepingComputer.
This was confirmed in a Russian hacker forum post that security researcher Vitali Kremez shared with Bleeping Computer. In the post, “jsworm,” the ransomware’s operator, declared that “we leave in private” (translated from Russian) and that current victims have only one week left to acquire decryptors. The poster also stated that they will not migrate the old master encryption keys from the public operation to the private scheme.
Around two weeks after the post was published, another post from the same user announced that the ransomware had been fully rewritten and released under the name Nemty Revenue 3.1.
According to Kremez, the switch to a private scheme will allow the Nemty group to recruit more experienced malware distributors. It will also allow these threat actors to focus their efforts on more lucrative attacks, such as network compromises and network-wide deployment.
Nemty ransomware was discovered in 2019 and was found spreading via Remote Desktop Protocol (RDP). Like newer ransomware variants, Nemty posed a double threat — it didn’t just encrypt its victim’s data, it was also capable of stealing user information from the infected device. One of the latest activities involving the ransomware is a spam campaign spotted back in March this year that propagated through love letter emails.
Nefilim, a recently discovered ransomware variant that can move laterally, shared many notable similarities with Nemty version 2.5.
Nemty ransomware may not be affecting the public as much as it used to, but the threat landscape still has a number of other ransomware families to fill the void. In our Trend Micro Annual Security Roundup, we shared that the ransomware cases we detected climbed from 55 million in 2018 to 61 million in 2019. The number of new ransomware families, including Maze, Snatch, and Zeppelin, also increased.
Below are some of the best practices users can follow to protect systems from ransomware:
Periodically back up files using the 3-2-1 rule. The rule entails creating three backups in two different formats and storing one copy offsite.