Threat Watch

Nemty Ransomware Operation Goes Private

The operator behind the Nemty ransomware has announced that the group will no longer be running as a service for other criminals, choosing instead to go private. This means that the group will use the Nemty ransomware to encrypt files of victim companies that they have compromised, attempting to extort ransom payments directly from the victims. Nemty was discovered by researchers last summer, with some versions of the ransomware being decryptable without paying to obtain the encryption key, due to mistakes made by the malware author. In their closing post, the operator also announced that victims will have one week to pay the ransom and receive software and the key needed to decrypt files. No encryption keys will be kept after the transition.

ANALYST NOTES

Binary Defense does not recommend paying the ransom demanded by any criminal if at all possible, because there is no guarantee that the criminal will provide the decryption key and it may encourage the criminal group to strike again, knowing that they can count on receiving payment. Instead, we encourage everyone to keep backups by creating them at regular intervals, storing them offline, and storing them in multiple locations. Ransomware often checks connected devices like flash drives or mapped network drives to increase chances of data loss. When deploying security solutions for the enterprise, consider using an EDR (Endpoint Detection and Response) solution side-by-side with anti-virus products. Using an EDR solution or an MDR (Managed Detection and Response) can help spot threats before they spread too far. Analysts at the Binary Defense Security Operations Center detect threats on our clients’ workstations and servers 24-hours a day and respond quickly to contain infections, preventing minor incidents from becoming a source of major damage across the company.

Source: https://www.bleepingcomputer.com/news/security/nemty-ransomware-shuts-down-public-raas-operation-goes-private/