Nefilim which is a new version of Nemty Ransomware
is released in wild. Nefilim is distributed via exposed Remote Desktop Services unlink its predecessor Nemty. Nefilim encrypts user data with AES-128, this AES encryption key will then be encrypted by an RSA-2048 public key that is embedded in the ransomware executable. The extension is added to the encrypted files: .NEFILIM
. A file marker NEFILIM
is also added at the end of file to avoid re-encryption.
A newer version of it Nephilim Ransomware
Nefilim Ransomware Signatures
Nefilim Ransomware Download