Nemty ransomware distributed through fake PayPal sites

Monday 9 September 2019 10:43 CET | News

A security researcher has discovered a web page pretending to offer an official application from PayPal, which is spreading a Nemty ransomware to unsuspecting users.

The fake PayPal page promises to return 3-5% from purchases made through the payment system. According to BleepingComputer, it takes about seven minutes for the ransomware to encrypt the files on the victim host. However, this may differ from one system to another.

Nemty ransomware has been present on cybercriminal forums for some time but it emerged on the radar of the infosec community towards the end of August 2019. BleepingComputer tests showed that the ransom demand was 0.09981 BTC, which is about USD 1,000, and that the payment portal is hosted in the Tor network for anonymity.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: PayPal, ransomware, malware, cybersecurity, info security, fraud prevention, encryption
Countries: World