- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
If you are hit by Nemesis Ransomware, you are most likely running a server, or you are a very unlucky computer user. This is a very severe threat that mostly attacks the servers of big corporations. We cannot exclude the possibility, however, that individuals who use remote desktop applications and connect to remote servers might also get infected. The main reason we believe the targets are mainly companies is that the ransom fees victims reported being forced to pay can be extremely high, more than personal users may be able to pay. We do not recommend that you transfer the extorted amount because we cannot confirm that these cyber criminals will actually send you the special decryptor program. If you do not have a backup copy of your files, you may be shocked to realize that you have lost them for good. This is why it is so important to keep a backup of your files on a separate, external hard disk. Strange as it may sound, you do not need to remove Nemesis Ransomware from your system, as it seems to remove itself automatically after the attack.
While most ransomware programs are distributed via either spam campaigns or Exploit Kits, this dangerous malware threat seems to attack servers via RDP (Remote Desktop Protocol) exploits. If your server is not updated properly, this attack can take advantage of that. There could also be more severe vulnerabilities that allow remote code execution, for example. This means that cyber criminals would be able to drop this infection onto your server and maybe spread it to all computers connecting to it. This is a silent way of infecting your server and your system because you will only know about it when the damage is done. Hopefully, you now see why it is vital to keep your system and all your programs up to date.
As we have mentioned, ransomware programs may also spread on the web via Exploit Kits. This is another reminder to keep browsers and drivers updated, because these kits exploit the vulnerabilities left in outdated versions. Malicious websites are set up containing malicious Java and Flash code that is activated the moment a victim loads such a page in an outdated browser. Although it is not likely that this particular ransomware is distributed this way, it is still important that you understand why you should keep all your programs updated. Most of the time, removing ransomware comes at a price because your files remain encrypted all the same. Of course, in this case, you do not need to delete Nemesis Ransomware because it will do it for you.
Our research shows that this dangerous ransomware program may use the AES-256 algorithm to encrypt your files and add a “.v8dp” file extension to the affected ones. We have found that this infection is very similar to X3M Ransomware because both have identical ransom notes, although our research shows that these infections are not related after all. Once your files have been encrypted, the ransom note window replaces your desktop background. This screen has a black background with matrix-like falling characters and an image of the Greek goddess Nemesis. The note informs you that all your files have been encrypted, including your documents, photos, databases, and other important files. If you want to recover your files, you have to buy the Nemesis decryptor software. In order to do so, you are supposed to contact the criminals either via e-mail (“firstname.lastname@example.org”) or an online service, bitmsg.me.
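Because the malware removes itself after encrypting, the renamed files are the main artifact left for scoping the damage. The following is an added example, not code from the original page: it walks a directory tree for the “.v8dp” extension, counts hits per folder, brackets the encryption window from file modification times, and checks which originals exist in a backup copy. The function names, the sample tree, and the assumption that the extension is appended to the original file name are ours.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".v8dp"  # extension reported on this page


def scope_encryption(root, backup_root=None, ext=ENCRYPTED_EXT):
    """Summarise files under root that carry the ransomware extension."""
    per_dir, mtimes = Counter(), []
    in_backup, missing = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ext):
                continue
            full = os.path.join(dirpath, name)
            per_dir[os.path.relpath(dirpath, root)] += 1
            mtimes.append(os.path.getmtime(full))
            # Assumption: the extension was appended to the original name,
            # so stripping it gives the path to look for in the backup.
            original = os.path.relpath(full[: -len(ext)], root)
            found = backup_root and os.path.isfile(
                os.path.join(backup_root, original))
            (in_backup if found else missing).append(original)
    # mtimes bracket the encryption run only if timestamps were not reset.
    window = None
    if mtimes:
        window = tuple(datetime.fromtimestamp(t, timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {"total": len(mtimes), "per_dir": dict(per_dir),
            "window_utc": window, "in_backup": sorted(in_backup),
            "missing_from_backup": sorted(missing)}


def demo():
    """Run the scan over a constructed sample tree (not real incident data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        for rel in ("docs/report.docx.v8dp", "docs/notes.txt",
                    "db/sales.mdf.v8dp"):
            path = os.path.join(live, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        os.makedirs(os.path.join(backup, "docs"))
        open(os.path.join(backup, "docs", "report.docx"), "wb").close()
        return scope_encryption(live, backup)


if __name__ == "__main__":
    print(demo())
```

Run it read-only against a mounted copy of the affected volume so the scan itself does not alter timestamps on the evidence.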
According to user reports, the ransom fee may vary from victim to victim and may range from 1 BTC up to 10 BTC (from about $922 up to $9,223). Clearly, no individual user would be able to pay this kind of money for some old documents and pictures. Of course, corporations may have a lot to lose if their important databases and files get encrypted and they do not have a backup copy. It is hard to believe that a company would have no backup, but we still hear about, for example, hospitals being attacked by ransomware and considering payment as an option, which clearly shows that they cannot always recover all the lost files themselves.
The only good bit of news about this malware attack is that you do not need to delete this threat, as Nemesis Ransomware actually removes itself right after the encryption is done. We sometimes see ransomware programs that act this way, although it is more likely that they leave a mess on your system. Usually, you can remove these dangerous programs because they operate through a single malicious executable file that you download from a spam email or that is dropped after you visit a malicious website. If you want to protect your system from the next vicious attack, we suggest that you update your system and your programs ASAP, and install a reliable anti-malware program as well to automatically filter out any malicious attack that may target your server or system.