Skip to main content

Another Week Another New Ransomware To Be Concerned About

By March 27, 2020May 9th, 2022Cybersecurity

There’s a new strain of ransomware to put on your radar.

This latest one was discovered by researchers working from SentinelLabs and it has been dubbed Nefilim.

Based on the initial research, it seems to share significant portions of its code base with an older strain, Nemty 2.5.

The two key differences between the two strains are as follows:

  1. Nefilim’s code does not contain the Ransomware-as-a-Service (RaaS) found in Nemty 2.5
  2. Nefilim relies on email communication to arrange ransom payment, rather than routing those through the TOR browser.

The researchers spotted Nefilim in the wild at the end of February of this year (2020). At this point, it’s unclear exactly how the malware is being distributed. The best guess at this point is that the malware is being spread via exposed Remote Desktop Services. However, the malware winds up on a target system.

When it does its work and infects the files on the compromised computer, the victim will see the following note:

A large amount of your private files have been extracted and is kept in a secure location. If you do not contact us in seven working days of the breach we will start leaking the data. After you contact us we will provide you proof that your files have been extracted.”

This tactic is becoming increasingly common, and as we’ve seen in recent months, it’s not an idle threat. Worse is that based on the analysis of the code to this point, Nefilim is secure. That means that at present, there’s no free way to recover your files once they have been encrypted.

While this strain isn’t especially widespread at this point, it’s a legitimate threat. It would be a grave mistake to ignore it.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.