Emails Pretending To Be Secret Admirers Could Be Ransomware

March 6, 2020

Written by wukovits

Nemty Ransomware isn’t an especially well-known threat, but it’s dangerous and should not be discounted. Recently, researchers have discovered an ongoing spam-email driven campaign that’s attempting to spread the ransomware far and wide.

An unknown group of hackers is sending out, on a broad scale, what appear to be love letters from secret admirers.

They are probably just using email addresses purchased in bulk on the Dark Web. The emails use a variety of subject lines like “Letter for You,” “Will be our secret,” “Can’t Forget you,” and “I love you.” They have no body text and feature nothing more than a wink emoji. That is clearly a bid to entice recipients into clicking on the enclosed attachment to see what all the fuss is about and get to the bottom of the mystery.

Unfortunately, those who do so doom themselves. The attached file is a malicious JavaScript file that installs the ransomware, which promptly locks the user’s files and then displays a ransom payment demand.
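As an added example (not from the original article or its author), here is one way a mail gateway could triage messages for the three traits described above: a lure subject line, a body that is empty or only a wink, and a JavaScript attachment. The extension and MIME-type lists, the function names, and the sample message builder are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines quoted in the article (compared case-insensitively).
LURE_SUBJECTS = {"letter for you", "will be our secret", "can't forget you", "i love you"}
# Assumption: script attachments are recognised by these extensions / MIME types.
SCRIPT_EXTS = (".js", ".jse")
SCRIPT_TYPES = {"application/javascript", "text/javascript", "application/x-javascript"}
WINKS = {";)", ";-)", "\U0001F609"}  # text winks plus the wink emoji


def score_message(raw: bytes) -> dict:
    """Check one raw RFC 5322 message for the three traits of the campaign."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Normalise the typographic apostrophe so "Can’t" and "Can't" both match.
    subject = str(msg.get("Subject", "")).replace("\u2019", "'").strip().lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().strip() if body_part else ""
    scripts = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(SCRIPT_EXTS)
        or part.get_content_type() in SCRIPT_TYPES
    ]
    hits = {
        "lure_subject": subject in LURE_SUBJECTS,
        "empty_or_wink_body": body == "" or body in WINKS,
        "script_attachment": bool(scripts),
    }
    # A script attachment alone is enough to quarantine; the other two
    # traits only raise confidence that the mail belongs to this campaign.
    return {"hits": hits, "scripts": scripts,
            "quarantine": hits["script_attachment"],
            "matches_campaign": all(hits.values())}


def build_sample(subject, body, filename=None,
                 payload=b"// constructed placeholder, not malware\n"):
    """Build a constructed test message; nothing here is a real sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content(body)
    if filename:
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Quarantining on the script attachment alone keeps the rule useful if the subject lines change, since the subject list only reflects the lures quoted in this article.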

The fact that Nemty isn’t widely known works in its favor, as it gives the malware a very low VirusTotal detection rate. That will undoubtedly lead to a higher than usual percentage of infections until an increasing number of antivirus companies add the malware to their definitions. It’s a short-term advantage, but one the hackers will surely make full use of until the AV companies catch up.

Nemty’s developers have also threatened to create a blog, which will be used to release sensitive information belonging to those who refuse to pay the ransom.

Finally, be aware that Nemty is known for deleting shadow copies as it encrypts files. So if you’re not in the habit of making regular backups and you get hit with this strain, you will have no way of recovering your data. Make sure your employees are aware!

Used with permission from Article Aggregator
