Nemty ransomware is a crypto-malware most variants of witch are not decryptable due to AES-256 key scheduling bugs along with CBC block mode implementation. Nemty drops a ransom note that informs the victim what to do to recover their encrypted files and deletes shadow copies of the files it encrypts in a system. According to Bleeping Computer’s own tests, Nemty demands a ransom of 0.09981 bitcoin, which amounts to around US$1,000 as of writing.

The purpose of this ransomware is to encrypt data stored on the system so that developers can make ransom demands by offering paid recovery of files. NEMTY PROJECT also appends each filename with the “.nemty” extension (e.g., “sample.jpg” becomes “sample.jpg.nemty“). Additionally, NEMTY PROJECT stores a text file named “NEMTY-DECRYPT.txt” in most existing folders. An updated variant of NEMTY Project ransomware appends filenames with the “._NEMTY_[random_characters]_” extension (e.g., “1.jpg” -> “1.jpg._NEMTY_huWhN62_“) and creates another text file “_NEMTY_[random_characters]_-DECRYPT.txt” (e.g., “_NEMTY_huWhN62_-DECRYPT.txt“) containing an identical message.

The decryptor currently supports only a limited amount of file extensions, but Tesorion has told BleepingComputer that they are expanding support for more file types every day. The file types currently supported by the decryptor are:

avi, bmp, gif, mp3, jpeg, jpg, mov, mp4, mov, mp4, qt, 3gp, mpeg, mpg, doc, docb, dot, ole, pot, pps, ppt, wbk
, xlm, xls, xlsb, xlt, pdf, png, tif, tiff, nef, , doc, txt, docm, docx, dotm, dotx, jar, potm, potx, ppsm, ppsx, pptm, pptx, xlsm, xlsx, xltm, xltx, zip

Instead of offering a decryptor that computes a key on a victim’s computer, Tesorion opted to have the decryption key generation done on their own servers.

Tesorion told BleepingComputer they went this route in order to prevent the ransomware developers from analyzing the decryptor and learning the weakness in their algorithm.

File Encryption

Nemty ransomware uses a combination of AES-128 in CBC mode, RSA-2048, and the unusual RSA-8192 for its file encryption and key protection. The following steps summarize its encryption process.

  1. Generate a 32-byte value using a pseudo-random algorithm. This value is added to the configuration information later on. The first 16 bytes are used as the main AES key for file encryption.

  2. Generate an RSA-2048 key pair.

  3. Decrypt and import the embedded RSA-8192 Public Key using the same RC4-base64 function.

  4. Include the generated Private Key from step 2 to the configuration file, which also contains other information gathered from the system (discussed in the next section)

  5. Encrypt the configuration file using RSA-8192 Public Key imported in step 3 and encode it in base64.

  6. Generate another 16-byte key using the same algorithm used in step 1. This is the IV (Initialization Vector) for the AES-128 CBC mode encryption. A new IV is generated for every file.

  7. Encrypt the file content using the main AES Key from step 1 and the current IV.

  8. Encrypt the current IV using RSA-2048 with the locally generated Public Key generated in step 2 and encode it in base64.

  9. Append the encrypted IV to the file.

The best way to avoid damage from ransomware infections is to maintain regular up-to-date backups.

For more cybersecurity information contact us at help@theweborion.com