Nemucod Adds Ransomware Routine

Leave a reply

It came to our attention that a new, rather peculiar version of Nemucod has been recently landing on users. Nemucod is a well-known JavaScript malware family that arrives via spam email and downloads additional malware to PCs. Most recently, Nemucod has been known to download TeslaCrypt ransomware variants.

However, the last few weeks saw a shift in Nemucod variants–it now has a code to drop ransomware from its body. The sample arrives via a typical Nemucod spam with encrypted JavaScript attachment.

Upon decrypting the JavaScript, we can see that it attempts to download a file on the user’s temporary directory from compromised websites. The downloaded file is an executable file that is later on used to encrypt the user’s files: Click Here To Read The Rest of The Article

This entry was posted in FortiGuard News on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.