LTS Secure Warning: New Malvertising Campaign Distributes Nemty Ransomware via RIG Exploit Kit

A new malvertising campaign has been spotted, that redirects users to an exploit kit that, when successful, deploys Nemty ransomware on victim device.

 

Technical Details

The threat actors behind the ransomware are targeting outdated systems with exploit kits in order to spread their ransomware.

Once the files are encrypted, ‘._NEMTY_Lct5F3C_’extension is added to the files. After this, a ransom note is dropped, containing payment instructions, which the victim must follow in order to get the decryption key. The note also contains the encrypted version of the decryption key, which is controlled by the threat actors.

 

Impact

  • Loss of Productivity.
  • Operational and financial loss to the Business or an individual.
  • Temporary or Permanent loss of Sensitive/Confidential data.

 

Recommended Actions

  • Take system back-ups on regular intervals.
  • Ensure that your devices are always up-to-date with the latest patches released.
  • Regularly update your antivirus software & perform malware scans to protect against unknown threats.
  • Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.
LTS Secure Locations
  • Florida: 407-965-5509
    Los Angeles: 323-544-5013
    Mid West: 800 689 4506

  • Chicago/Midwest– 2406 Schumacher Drive, Mishawaka, IN, 46545

    201, Tower S4, Phase II, Cybercity, Magarpatta Township, Hadapsar, Pune-411013