Nefilim, a new version of Nemty Ransomware, has been released in the wild. Unlike its predecessor Nemty, Nefilim is distributed via exposed Remote Desktop Services. Nefilim encrypts user data with AES-128; this AES encryption key is then encrypted with an RSA-2048 public key that is embedded in the ransomware executable. The extension .NEFILIM is added to the encrypted files. A file marker, NEFILIM, is also added at the end of each file to avoid re-encryption.
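For incident scoping, the following added example (not part of the original page and not taken from the malware) walks a directory tree and classifies files by the two indicators described above: the .NEFILIM extension and the trailing NEFILIM marker. It assumes the marker is stored as plain ASCII bytes; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

MARKER = b"NEFILIM"     # assumption: marker is written as plain ASCII bytes
EXTENSION = ".nefilim"  # compared case-insensitively

def has_trailing_marker(path, marker=MARKER):
    """Return True if the file's final bytes equal the marker."""
    try:
        with open(path, "rb") as fh:
            size = fh.seek(0, os.SEEK_END)
            if size < len(marker):
                return False  # too short to hold the marker
            fh.seek(size - len(marker))
            return fh.read() == marker
    except OSError:
        return False  # unreadable or missing: not confirmed

def classify(path):
    """Combine both indicators into one verdict for a single file."""
    ext = path.lower().endswith(EXTENSION)
    mark = has_trailing_marker(path)
    if ext and mark:
        return "encrypted"
    if mark:
        return "marker-only"     # marker present, extension absent
    if ext:
        return "extension-only"  # extension present, marker absent
    return "clean"

def scan(root):
    """Walk root and return {path: verdict} for every non-clean file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, n) for n in files):
            if (verdict := classify(full)) != "clean":
                hits[full] = verdict
    return hits

def demo():
    """Scan constructed sample files written to a temporary directory."""
    samples = {"report.docx.NEFILIM": b"\x00" * 64 + MARKER,
               "photo.jpg": b"\xff\xd8" + MARKER,
               "empty.NEFILIM": b"", "notes.txt": b"plain"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in scan(d).items()}
```

Files reported as "marker-only" or "extension-only" carry just one of the two indicators and should be checked by hand before being counted as encrypted or restored from backup.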
Update: A newer version of it, Nephilim Ransomware, is out.
Nefilim Ransomware Signatures
Family: Ransom:MSIL/NefiCrypt.PI!MSR
MD5: 8f90539c405672016c0dec7ac3574eea
SHA256: d4492a9eb36f87a9b3156b59052ebaf10e264d5d1ce4c015a6b0d205614e58e3