According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.
| Victim Name | Country | Date |
|---|---|---|
| Atlanta Allergy & Asthma. Part 1. |  |
2021-09-09 |
| Grimmway Farms. Part 1. | |
2021-09-09 |
| Elliott Group / Cascade Engineering / Unitex Textile Rental Services. Teaser. | |
2021-09-09 |
| Seven Seas. Part 1. | |
2021-09-09 |
| The MADSACK Media Group. Part 1. | |
2021-09-09 |
| Tegut. Part 1. | |
2021-09-09 |
| TPG Internet. Part 1. | |
2021-09-09 |
| Saipa Press. Part 1. | |
2021-09-09 |
| Tegut. Part 2. | |
2021-09-09 |
| The MADSACK Media Group. Part 2. | |
2021-09-09 |
| Whirlpool | |
2020-12-01 |
| DKA (refrigeration and air conditioning specialist, Dussmann Group subsidiary) |  |
2020-07-27 |
| Orange (mobile operator) |  |
2020-07-04 |
| Fisher and Paykel Appliances |  |
2020-06-01 |
| Toll Group |  |
2020-05-05 |