Ransomware Families – Nemucod

Nemucod ransomware was originally seen in January of 2016. 

It is delivered through invoice-themed phishing emails with JavaScript attachments.

A few updates were made through 2016 to help avoid antivirus and spam detection, including:

Adding XOR encryption to encrypt the first 2048 bytes of the file, adding a password to the ZIP files that were attached to the emails, generating a key at the time of running as opposed to a hard-coded key in the executable, and finally adding a PHP script to help with the encryption.
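For responders, XOR over a fixed 2048-byte header means a clean backup of one affected file exposes the keystream by known-plaintext comparison. The sketch below is an added example, not code from the original post or from any Nemucod decryptor; it assumes a repeating XOR key that is reused across files in one run (the page states neither), and all function names, the key and the sample data are constructed.

```python
import random

HEADER_LEN = 2048  # per the page: XOR is applied to the first 2048 bytes

def damaged_extent(clean: bytes, damaged: bytes):
    """Return (first, last) differing offsets, or None if the files match."""
    diffs = [i for i, (x, y) in enumerate(zip(clean, damaged)) if x != y]
    return (diffs[0], diffs[-1]) if diffs else None

def recover_keystream(clean: bytes, damaged: bytes) -> bytes:
    """Known-plaintext recovery: backup XOR damaged header = keystream."""
    return bytes(x ^ y for x, y in zip(clean[:HEADER_LEN], damaged[:HEADER_LEN]))

def shortest_period(stream: bytes) -> int:
    """Smallest p for which the stream repeats every p bytes (assumed repeating key)."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return p
    return len(stream)

def xor_header(data: bytes, key: bytes) -> bytes:
    """XOR only the header with a repeating key; the rest is left untouched."""
    head = bytes(b ^ key[i % len(key)] for i, b in enumerate(data[:HEADER_LEN]))
    return head + data[HEADER_LEN:]

def demo():
    rng = random.Random(2016)
    key = bytes.fromhex("3a7f11c45e9082d6b1046d2fe873a95c")  # constructed test key
    backup = bytes(rng.randrange(256) for _ in range(5000))   # file with a backup
    other = bytes(rng.randrange(256) for _ in range(3000))    # file without one
    # Constructed "damaged" copies; XOR is its own inverse, so the same
    # helper both produces the test input and restores it.
    hit, other_hit = xor_header(backup, key), xor_header(other, key)
    extent = damaged_extent(backup, hit)          # damage stays inside the header
    period = shortest_period(recover_keystream(backup, hit))
    derived_key = recover_keystream(backup, hit)[:period]
    return extent, period, xor_header(other_hit, derived_key) == other

if __name__ == "__main__":
    print(demo())
```

If `damaged_extent` reports differences past offset 2047, the file was not altered the way the page describes and this recovery does not apply.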

Nemucod demands anywhere from 0.1 to 0.5 Bitcoin (roughly $210 in 2016) to decrypt the victim's files.

If you are interested in learning about other ransomware families that we have published research reports on, you can read more here.
