According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.
Victim Name | Country | Date |
---|---|---|
Atlanta Allergy & Asthma. Part 1. | 2021-09-09 | |
Grimmway Farms. Part 1. | 2021-09-09 | |
Elliott Group / Cascade Engineering / Unitex Textile Rental Services. Teaser. | 2021-09-09 | |
Seven Seas. Part 1. | 2021-09-09 | |
The MADSACK Media Group. Part 1. | 2021-09-09 | |
Tegut. Part 1. | 2021-09-09 | |
TPG Internet. Part 1. | 2021-09-09 | |
Saipa Press. Part 1. | 2021-09-09 | |
Tegut. Part 2. | 2021-09-09 | |
The MADSACK Media Group. Part 2. | 2021-09-09 | |
Whirlpool | 2020-12-01 | |
DKA (refrigeration and air conditioning specialist, Dussmann Group subsidiary) | 2020-07-27 | |
Orange (mobile operator) | 2020-07-04 | |
Fisher and Paykel Appliances | 2020-06-01 | |
Toll Group | 2020-05-05 |