Nefilim which is a new version of Nemty Ransomware is released in wild. Nefilim is distributed via exposed Remote Desktop Services unlink its predecessor Nemty. Nefilim encrypts user data with AES-128, this AES encryption key will then be encrypted by an RSA-2048 public key that is embedded in the ransomware executable. The extension is added to the encrypted files: .NEFILIM. A file marker NEFILIM is also added at the end of file to avoid re-encryption.