Malware News Nymaim Ransomware-Downloader Spikes Big

frogboy

Over the course of 2016, the ESET research team has seen the number of Nymaim malware-related infections spike by 63% compared to the first half of 2015. By the end of June 2016, ESET researchers had seen more detections than all of 2015.

So far, Nymaim has resulted in more than 2.8 million infections, according to ESET. Those infections are mostly in Poland (54% of all Nymaim detections this year), Germany (16%) and in the US (12%). But, Nymaim has now made its way to South America, with attacks targeting financial institutions in Brazil.

“In Brazil we also observed highly targeted Nymaim attacks directed against financial institutions,” researchers said in a blog. “Despite the relatively low number of detections, which is to be expected due to the very specific target selection, Brazil accounts for 0.07% of all detection incidents involving this variant, placing it 11th in the list of countries where this variant was most often detected.”

Nymaim consists of a two-stage downloader usually associated with file-encoding ransomware as the final payload. The advanced evasion techniques, combining obfuscation, anti-VM, anti-debugging and control flow capabilities of this family are well-known, the researchers added. However, unlike its 2013 version, the new Nymaim has evolved and shifted to spearphishing campaigns. The emails contain a malicious Microsoft Word Doc file as an attachment, which uses a macro to do its dirty work.

Because default Microsoft Word security settings will prevent the macro from running, the document contains a couple of “tricks,” ESET said. First, the document contains a block of “garbled text”, presumably suggesting to the likely victim that something needs to be done to decode or decrypt it. Second, at the very top of the document is the message, “enable content to run in compatibility mode.” This message is formatted very similarly to the warning bar of recent Microsoft Word versions, which warns users that macros in the current document have been disabled.

Full Article. Nymaim Ransomware-Downloader Spikes Big
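A defender-side triage check for the lure described in the quoted article, added here as an example (not code from ESET, the article, or any poster in this thread). It assumes the attachment is an OOXML Word file (.docx/.docm, a zip container); legacy OLE .doc files need a different parser. `triage`, `make_sample` and the second lure pattern are names and values chosen for this sketch.

```python
import io
import re
import zipfile

MAX_XML = 20 * 1024 * 1024  # refuse oversized document.xml (zip-bomb guard)
# Text placed in the document body to imitate Word's macro warning bar.
# "enable content" is the phrase quoted in the article; the second pattern
# is an assumed variant, not taken from the page.
LURE_PATTERNS = [
    re.compile(r"enable\s*content", re.I),
    re.compile(r"enable\s*(editing|macros)", re.I),
]

def body_text(document_xml: bytes) -> str:
    """Join <w:t> text runs so a phrase split across runs still matches."""
    runs = re.findall(rb"<w:t(?:\s[^>]*)?>([^<]*)</w:t>", document_xml)
    return "".join(r.decode("utf-8", "replace") for r in runs)

def triage(data: bytes) -> dict:
    """Report macro presence and warning-bar lure text in an OOXML Word file."""
    result = {"ooxml": False, "has_macro": False, "lures": [], "suspicious": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # not a zip container (e.g. legacy OLE .doc)
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "word/document.xml" not in names:
            return result
        if z.getinfo("word/document.xml").file_size > MAX_XML:
            return result  # too large to scan safely; left unclassified
        result["ooxml"] = True
        result["has_macro"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        text = body_text(z.read("word/document.xml"))
    result["lures"] = [p.pattern for p in LURE_PATTERNS if p.search(text)]
    # The genuine warning is Word UI, never body text, so macro + lure is a strong signal.
    result["suspicious"] = result["has_macro"] and bool(result["lures"])
    return result

def make_sample(with_macro: bool, runs: list) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word file, not a real document."""
    xml = "<w:document><w:body><w:p>" + "".join(
        f"<w:r><w:t>{r}</w:t></w:r>" for r in runs) + "</w:p></w:body></w:document>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", xml)
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(make_sample(True, ["Enable ", "Content to run in compatibility mode"])))
```

A macro alone or the phrase alone is reported but not flagged; only the combination sets `suspicious`, which keeps benign macro-enabled documents out of the alert queue.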
 

LabZero

The growing popularity of ransomware is also related to the big flaws in our systems but, of course, more awareness and information are needed from end users.

PS: it would be nice to know who invents all these ransomware ID names :D
 

jamescv7

Ransomware has already gained a new category, since it can be used for propagation, emulation, and even created through ready-made exploits.

So it is a matter of how painful the decryption process is.
 