Blue Hexagon Blog

Ransomware Families – Nemucod

Nemucod ransomware was originally seen in January of 2016. 

Delivered through invoice themed phishing emails with Javascript attachments.

A few updates were made through 2016 to help avoid Anti-Virus and Spam detections including:

Adding XOR encryption to encrypt the first 2048 bytes of the file, adding a password to the zip files that were attached to the emails, generating a key at the time of running as opposed to a hard coded key in the executable, and finally adding a php script to help with the encryption. 

Nemucod demands anywhere from 0.1 to 0.5 BitCoin (roughly $210 in 2016) to decrypt the victims files.

If you are interested in learning about other Ransomware families that we have published research reports on you can read more here