Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Nemty ransomware “LOVE_YOU” malspam campaign

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. The attackers employed messages with several subject lines and attachment filenames composed to appear […]

Nemty Ransomware

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers.

Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers.

The attackers employed messages with several subject lines and attachment filenames composed to appear as sent by lovers, they used statements such as “Don’t tell anyone,” “I love you,” “Letter for you,” “Will be our secret,” and “Can’t forget you.”

The body of all the spam messages only contains the ‘;)' text emoticon.

Nemty Ransomware

All the spam messages used a ZIP archive as attachment with a filename with a specific format (‘LOVE_YOU_######_2020.zip’)

“Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS.

“The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU.js,”

The detection rate of the LOVE_YOU Javascript was low when the campaign was spotted, but is rapidly increasing.

The malicious Javascript acts as a dropper for the Nemty ransomware, the final payload is downloaded from a remote server and then it is executed.

In an update provided on February 28, 2020, IBM researchers reported that this campaign appears to have temporarily halted.

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure.

In October 2019, researchers from the security firm Tesorion developed a decryptor tool that works on Nemty versions 1.4 and 1.6, they also announced a working tool for version 1.5.

In February, Nemty ransomware operators announced that they will set up a website to leak the data stolen for ransomware victims who refused to pay the ransom.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, undersea cables)

[adrotate banner=”5″]

[adrotate banner=”13″]