The RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware.
First spotted by exploit kit researcher mol69, a malvertising campaign is redirecting users to the RIG exploit kit to target enterprise users who are still utilizing Internet Explorer and Flash Player.
If a user running these outdated programs are redirected to the exploit kit landing page, the malicious scripts will attempt to exploit vulnerabilities in the browser to install a variety of malware including the Nemty 1.6 ransomware.
The most obvious change in this version is the ransom note that now shows a version number of 1.6 as seen below.
According to security firm Tesorion, Nemty 1.6 also modified their encryption algorithm to use the Windows cryptographic libraries instead of their own custom AES implementation.
This was most likely done to break the decryptor created by Tesorion, which didn't go as plan as Tesorion's decryptor can still decrypt Nemty 1.6 victims for free.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
Comments
Fouss - 6 years ago
I need Nemty's decryption software quickly
Vidusara - 6 years ago
https://www.bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/