Nemty ransomware was first discovered in August 2019. It resurfaced in November 2019, when it was distributed by the Phorpiex botnet, and the new samples likewise rely on Phorpiex to send their spam emails. The cybercriminals behind the ransomware threaten to leak stolen data if the ransom is not paid, an extortion tactic shared with other ransomware variants such as Maze that go beyond encrypting the files on the device.
Figure 1. Nemty love letter email sample
Defending against ransomware
Ransomware can cause hundreds of thousands of dollars' worth of losses, either through the value of the lost files or through paying the ransom to avoid the downtime and data loss caused by the infection. According to the Trend Micro Annual Security Roundup, detections of ransomware-related threats rose from over 55 million in 2018 to over 61 million in 2019, showing the threat's continued proliferation. Besides growing in number, ransomware variants are also continually evolving and becoming more complex.
Like Nemty, other recently discovered ransomware families don't stop at file encryption. They also steal files (Maze), force Windows machines to reboot into safe mode to bypass security software (Snatch), and terminate various processes before encrypting (Zeppelin).
Enterprises and individual users can follow a few best practices to prevent a ransomware infection or mitigate the effects of an attack:
Don’t download attachments or click links in emails from unknown senders
Back up important files
Install the latest updates and patches to address software vulnerabilities
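A backup only helps against ransomware if the copy you restore from was not itself reached by the malware. The following script is an added example, not code from the original article or from Trend Micro: it makes a timestamped copy of a source tree, records a SHA-256 manifest for every file, and on verification reports files that were modified, deleted, or newly added (a ransom note, for instance) in the backup since it was taken. The file names, directory layout, and the simulated tampering in `demo()` are constructed for the example.

```python
"""Versioned file backup with an integrity manifest (added example).

Ransomware that can reach a mounted backup share encrypts the backups too,
so each backup run writes a manifest of SHA-256 hashes and verification
compares the stored copy against it before you trust it for recovery.
"""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source, dest_root, label=None):
    """Copy every file under `source` into dest_root/<label> and write
    manifest.json mapping each relative path to its SHA-256."""
    label = label or time.strftime("%Y%m%dT%H%M%S")
    dest = Path(dest_root) / label
    manifest = {}
    for path in sorted(p for p in Path(source).rglob("*") if p.is_file()):
        rel = path.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel.as_posix()] = sha256_file(target)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return dest


def manifest_digest(backup_dir):
    """Hash of the manifest itself; store this off the backup host, because
    an attacker who can rewrite backup files can rewrite the manifest too."""
    return sha256_file(Path(backup_dir) / "manifest.json")


def verify_backup(backup_dir, expected_manifest_digest=None):
    """Compare the backup against its manifest. Returns a report with the
    files whose hash changed, files that vanished, files not in the manifest
    (e.g. a dropped ransom note), and whether the manifest itself changed."""
    backup_dir = Path(backup_dir)
    tampered = (expected_manifest_digest is not None
                and manifest_digest(backup_dir) != expected_manifest_digest)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    report = {"modified": [], "missing": [], "unexpected": [], "manifest_tampered": tampered}
    for rel, expected in manifest.items():
        path = backup_dir / rel
        if not path.exists():
            report["missing"].append(rel)
        elif sha256_file(path) != expected:
            report["modified"].append(rel)
    present = {p.relative_to(backup_dir).as_posix()
               for p in backup_dir.rglob("*") if p.is_file()}
    present.discard("manifest.json")
    report["unexpected"] = sorted(present - set(manifest))
    report["modified"].sort()
    report["missing"].sort()
    return report


def demo():
    """Constructed fixture: back up two files, verify the clean copy, then
    simulate ransomware hitting the backup and verify again."""
    src = Path(tempfile.mkdtemp(prefix="src_"))
    dst = Path(tempfile.mkdtemp(prefix="bak_"))
    (src / "docs").mkdir()
    (src / "docs" / "report.txt").write_text("quarterly figures")
    (src / "keys.bin").write_bytes(bytes(range(16)))
    backup = create_backup(src, dst, label="run1")
    digest = manifest_digest(backup)  # would be recorded off-host in practice
    clean = verify_backup(backup, digest)
    # simulated ransomware: overwrite one file, delete another, drop a note
    (backup / "docs" / "report.txt").write_bytes(b"\x8f\x12garbled")
    (backup / "keys.bin").unlink()
    (backup / "DECRYPT_FILES.txt").write_text("pay up")
    hit = verify_backup(backup, digest)
    shutil.rmtree(src)
    shutil.rmtree(dst)
    return clean, hit


if __name__ == "__main__":
    before, after = demo()
    print("clean backup:", before)
    print("after simulated hit:", after)
```

The manifest detects tampering with the stored files, not replacement of the whole backup together with its manifest, which is why `manifest_digest()` exists: keep that one value somewhere the backup host cannot write to (or keep the backup itself on offline or write-once media), and compare it before restoring.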