www.bleepingcomputer.com
104.20.60.209 

URL: https://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/
Submission: On September 14 via api from US

Form analysis 6 forms found in the DOM

https://www.bleepingcomputer.com/search/

<form action="https://www.bleepingcomputer.com/search/">
  <input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
  <input type="hidden" name="cof" value="FORID:10">
  <input type="hidden" name="ie" value="UTF-8">
  <input type="search" name="q" placeholder="Search Site"> </form>

https://www.bleepingcomputer.com/search/

<form action="https://www.bleepingcomputer.com/search/">
  <input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
  <input type="hidden" name="cof" value="FORID:10">
  <input type="hidden" name="ie" value="UTF-8">
  <input type="search" name="q" placeholder="Search Site"> </form>

POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e

<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&amp;id=30c98e654e" method="post" target="_blank" novalidate="">
  <input type="email" name="EMAIL" placeholder="Email Address...">
  <div style="position: absolute; left: -5000px;">
    <input type="text" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value="">
  </div>
  <input type="submit" value="Submit" class="bc_sub_btn"> </form>

POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e

<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&amp;id=30c98e654e" method="post" target="_blank" novalidate="">
  <input type="email" name="EMAIL" placeholder="Email Address...">
  <div style="position: absolute; left: -5000px;">
    <input type="text" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value="">
  </div>
  <input type="submit" value="Submit" class="bc_sub_btn"> </form>

POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process&return=https://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/

<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=login&amp;do=process&amp;return=https://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/" method="post">
  <div class="bc_form_feild">
    <label for="ips_username">Username</label>
    <input type="text" id="ips_username" name="ips_username"> </div>
  <div class="bc_form_feild">
    <label for="ips_password">Password</label>
    <input type="password" id="ips_password" name="ips_password"> </div>
  <div class="bc_form_feild">
    <div class="bc_remember">
      <input id="remember" type="checkbox" name="rememberMe" value="None" checked="checked">
      <label for="remember"></label>
      <span>Remember Me</span>
    </div>
    <div class="bc_anon">
      <input id="anonymous" type="checkbox" name="anonymous" value="None">
      <label for="anonymous"></label>
      <span>Sign in anonymously</span>
    </div>
  </div>
  <div class="bc_btn_wrap">
    <input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
    <input type="submit" value="Login" class="bc_sub_btn">
    <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=login&amp;serviceClick=twitter&amp;return=https://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/" class="bc_twitter_btn">
      <img src="https://www.bleepstatic.com/images/site/login/twitter.png" width="28" height="24" alt="Sign in with Twitter"> Sign in with Twitter</a>
    <hr>
    <p>Not a member yet? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=register">Register Now</a></p>
  </div>
</form>

<form>
  <input type="hidden" id="comment-id-report" value="0">
  <ul>
    <li>
      <label>
        <input type="radio" name="comment-report-reason" value="Spam">Spam</label>
    </li>
    <li>
      <label>
        <input type="radio" name="comment-report-reason" value="Abusive or Harmful">Abusive or Harmful</label>
    </li>
    <li>
      <label>
        <input type="radio" name="comment-report-reason" value="Inappropriate content">Inappropriate content</label>
    </li>
    <li>
      <label>
        <input type="radio" name="comment-report-reason" value="Strong language">Strong language</label>
    </li>
    <li>
      <label>
        <input type="radio" name="comment-report-reason" value="Other">Other</label>
    </li>
    <li id="comment-report-other-reason-wrap" style="display:none;">
      <textarea rows="2" cols="2" id="comment-report-other-reason"></textarea>
    </li>
  </ul>
  <p><a href="https://www.bleepingcomputer.com/posting-guidelines/">Learn more</a> about what is not allowed to be posted.</p>
</form>

Text Content

Nemty Ransomware Gets Distribution from RIG Exploit Kit
By Ionut Ilascu
September 3, 2019
04:48 AM
The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits.
Exploit kits are no longer as commonly used, since they typically thrive on vulnerabilities in Internet Explorer and Flash Player, two products that dominated the web a few years ago but now have one foot in the grave.
Even so, many companies still depend on them and Microsoft's web browser continues to be used in many countries, turning them into targets for web threats to which most of the world is immune.
Nemty is all RIGged up
Nemty appeared on the radar towards the end of August, although the malware administrators made it known on cybercriminal forums long before this date.
It drew attention through its code, which in version 1.0 contains references to the Russian president and to antivirus software.
BleepingComputer saw that the post-encryption ransom demand was around $1,000 in bitcoin. Unfortunately, there is no free decryption tool available at the moment, and the malware makes sure to remove the shadow copies of files created by Windows.
Security researcher Mol69 noticed that the file-encrypting malware is now a payload in malvertising campaigns from the RIG exploit kit (EK).
The malware used the .nemty extension for the encrypted files but the variant observed by Mol69 adds '._NEMTY_Lct5F3C_' at the end of the processed files.
In the ransom note shown after encrypting the files, Nemty provides instructions on how to pay to recover the data.
The ransom note also contains an encrypted version of the key that unlocks the files on the infected computer; decrypting it is controlled by the malware administrators.
Suspicious community
Mol69 ran the infection chain in an AnyRun test environment that documents all of the steps leading to the file encryption process. The entire activity took over 10 minutes to finish.
Nemty is new on the scene and on at least one underground forum it was received with skepticism. This is not unusual with new ransomware, BleepingComputer learned from Yelisey Boguslavskiy, director of security research at Advanced Intelligence (AdvIntel).
This was not the case with Sodinokibi, though, whose administrators are suspected to be from the old GandCrab gang. Sodinokibi ransomware received immediate support from high-profile members of the forum.
Furthermore, its profitability only stirred up interest and prompted malware distributors to jump at the opportunity of partnering up. However, Sodinokibi operators are very selective and associated only with individuals considered veterans in the field.
Nemty, on the other hand, did not enjoy a warm welcome in the community.
Ionut Ilascu   
Ionut Ilascu is freelancing as a technology writer with a focus on all things cybersecurity. The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger and Softpedia.