Nett Ransomware

Cybercriminals have introduced a new and harmful threat called the Nett Ransomware, which targets users' data. Victims of this malware will find that their files and data are no longer accessible or usable. This is typical behavior of ransomware, which locks files and uses them as leverage to extort money from the victims in exchange for the promise of decrypting the data.

When the Nett Ransomware infects a device, it renames the encrypted files by appending a '.nett' extension. For example, a file originally named '1.doc' becomes '1.doc.nett,' and '2.pdf' is renamed to '2.pdf.nett.' This pattern continues for all encrypted files.

After encryption, the ransomware leaves a ransom note in an HTML file named 'Recovery_Instructions.html.' The note indicates that the cybercriminals behind the Nett Ransomware primarily target companies rather than individual home users. Additionally, the Nett Ransomware is part of the MedusaLocker Ransomware family.
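A read-only triage sketch for the indicators described above, added here as an example (it is not from the original page or from any vendor tool): it walks a directory tree, lists files carrying the '.nett' extension and copies of 'Recovery_Instructions.html', and reports the oldest modification time among the encrypted files. The function name `triage` and the use of modification time as a rough marker for when encryption began are assumptions of this example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".nett"                  # extension named on this page
RANSOM_NOTE = "Recovery_Instructions.html"  # ransom note name from this page


def triage(root):
    """Walk `root` and summarise Nett indicators; nothing is modified."""
    encrypted, notes = [], []
    by_original_ext = Counter()
    earliest = None  # oldest mtime among encrypted files (assumed proxy for start)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # '1.doc.nett' -> '1.doc'
                by_original_ext[Path(original).suffix.lower() or "(none)"] += 1
                encrypted.append(path)
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # unreadable entry: counted, but no timestamp
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "by_original_ext": dict(by_original_ext),
        "earliest_mtime": earliest,
    }


if __name__ == "__main__":
    # Constructed sample tree, so the example runs offline.
    with tempfile.TemporaryDirectory() as d:
        for n in ("1.doc.nett", "2.pdf.nett", "untouched.txt", RANSOM_NOTE):
            (Path(d) / n).write_bytes(b"constructed sample")
        report = triage(d)
        print(len(report["encrypted"]), "encrypted,", len(report["notes"]), "note(s)")
        print(report["by_original_ext"])
```

Modification times can be altered or reset by copying, so treat `earliest_mtime` as a starting point for choosing a backup to restore from, not as proof of when encryption started.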

The Nett Ransomware Could Lead to Serious Disruptions and Financial Losses

Nett's ransom message informs victims that their company's network has been infiltrated and their files have been encrypted using RSA and AES cryptographic algorithms. Victims are warned against renaming or modifying the affected files or using third-party recovery software, as these actions could result in permanent data loss.

The ransom note also states that sensitive data has been harvested from the network. The attackers demand payment and threaten to increase the ransom amount if they are not contacted within 72 hours. If the victim evades payment, the harvested data will either be leaked or sold.

Before meeting the ransom demands, victims can opt to test the decryption process by sending the cybercriminals up to three non-important files.

Information security researchers warn that, in ransomware attacks, decryption is usually impossible without the attackers' assistance. Yet even when victims comply with the ransom demands, they often do not receive the promised decryption keys or software. Therefore, experts strongly advise against paying the ransom, as file recovery is not guaranteed, and payment supports this illegal activity.

Removing the Nett Ransomware from the operating system will prevent further data encryption, but it will not restore files that have already been compromised.

Ensuring the Safety of Your Devices and Data from Ransomware Infections

To guarantee the safety of devices and data from ransomware attacks, users can adopt several proactive measures and best practices:

  1. Regular Backups
     - Frequent Backups: Regularly back up your data to a separate hard drive or cloud storage. Ensure that backups are up-to-date.
     - Offline Backups: Keep at least one backup copy offline to prevent it from being affected if ransomware infects your system.
  2. Use Security Software
     - Anti-Malware: Install reputable antivirus and anti-malware software and keep it updated. Use these tools to scan your system regularly.
     - Firewalls: Enable and configure a firewall to block unauthorized access to your network and devices.
  3. Keep Software Updated
     - Operating System Updates: Regularly update your operating system to patch vulnerabilities that ransomware could exploit.
     - Application Updates: Ensure all applications, especially web browsers and plugins, are always updated with the latest security patches.
  4. Implement Email Security
     - Spam Filters: Use robust spam filters to reduce the risk of phishing emails that often carry ransomware.
     - Email Caution: Be cautious with email attachments and links. Never open attachments or click on links from unknown or suspicious sources.
  5. Practice Safe Browsing
     - Reputable Websites: Visit only reputable websites and avoid interacting with pop-up ads or downloading files from untrusted sites.
     - Ad Blockers: Use ad blockers to reduce the risk of malicious advertisements that can lead to ransomware infections.
  6. Limit User Privileges
     - Least Privilege Principle: Limit user permissions to the minimum necessary for their tasks. Avoid using accounts with administrative privileges for everyday activities.
     - User Account Control: Enable User Account Control (UAC) to prevent unauthorized changes to your system.
  7. Educate Yourself and Your Team
     - Awareness Training: Educate yourself and your team about the hazards of ransomware and how important it is to follow cybersecurity best practices.
     - Incident Response Plan: Develop and communicate an incident response plan for a ransomware attack.
  8. Disable Remote Desktop Protocol (RDP)
     - RDP Security: Disable RDP if it's not needed. If it is necessary, secure it with strong passwords and two-factor authentication, and limit the IP addresses that can access it.
  9. Monitor Network and System Activity
     - Activity Logs: Regularly monitor logs and alerts for unusual activity that might indicate a ransomware attack.
     - Intrusion Detection Systems: Implement intrusion detection and prevention systems to identify and stop suspicious activities.

By adopting these measures, users can significantly reduce their risk of being victims of ransomware attacks and ensure the safety of their devices and data.

The full text of the ransom note left to the victims of the Nett Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
ALL YOUR IMPORTANT FILES HAVE BEEN ENCRYPTED!

YOUR FILES ARE SAFE! JUST MODIFIED ONLY. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMENANTLY DESTROY YOUR FILE.
DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES.

NO SOFTWARE AVAILABLE ON INTERNET CAN HELP YOU. WE ONLY HAVE
SOLUTION TO YOUR PROBLEM.

WE GATHERED HIGHLY CONFIDENTIAL/PERSORNAL DATA. THESE DATA
ARE CURRENTLY STORED ON A PRIVATE SERVER. THIS SERVER WILL BE
IMMEDIATELY DESTROYED AFTER YOUR PAYMENT. WE ONLY SEEK MONEY
AND DO NOT WANT TO DAMAGE YOUR REPUTATION. IF YOU DECIDE TO
NOT PAY, WE WILL RELEASE THIS DATA TO PUBLIC OR RE-SELLER.

YOU WILL CAN SEND US 2-3 NON-IMPORTANT FILES AND WE WILL
DECRYPT IT FOR FREE TO PROVE WE ARE ABLE TO GIVE YOUR FILES
BACK.

Contact us for price and get decryption software.

Note that this server is available via Tor browser only

Follow the instructions to open the link:

Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.

Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.

Now you have Tor browser. In the Tor Browser open "{{URL}}".

Start a chat and follow the further instructions.

If you can't use the above link, use the email:
dec_helper@dremno.com
dec_helper@excic.com

MAKE CONTACT AS SOON AS POSSIBLE. YOUR DECRYPTION KEY IS ONLY STORED
TEMPORARLY. IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'
