Nemty Ransomware Infests Bogus PayPal Site



BleepingComputer describes a PayPal phishing site that’s delivering a new strain of Nemty ransomware. The attackers used Unicode characters from different alphabets to make their URL look like PayPal’s legitimate domain.
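A defender can screen hostnames from mail or proxy logs for this kind of look-alike. The following is an added example, not code from BleepingComputer or from the tool described later on this page. The `CONFUSABLES` subset, the `PROTECTED` list and the sample hostname are constructed for illustration, and the script of each letter is approximated from its Unicode character name.

```python
import unicodedata

# Small constructed subset of look-alike letters (not the full Unicode confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
               "\u03bf": "o", "\u03b1": "a", "\u04cf": "l"}
PROTECTED = {"paypal"}  # brand labels to watch; an assumption for this example

def decode_label(label):
    """Return the Unicode form of one DNS label (handles xn-- punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Approximate each letter's script from the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Map known look-alikes to ASCII so the label can be compared to a brand."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", label))

def check_host(host):
    """Return a list of findings for a hostname; an empty list means nothing flagged."""
    findings = []
    for raw in host.rstrip(".").split("."):
        try:
            label = decode_label(raw)
        except UnicodeError:
            findings.append(f"{raw}: invalid punycode")
            continue
        found = scripts(label)
        if len(found) > 1:  # e.g. Latin and Cyrillic letters in one label
            findings.append(f"{raw}: mixed scripts {sorted(found)}")
        if label not in PROTECTED and skeleton(label) in PROTECTED:
            findings.append(f"{raw}: look-alike of '{skeleton(label)}'")
    return findings

if __name__ == "__main__":
    # Constructed sample: Cyrillic U+0430 in place of Latin "a"; not the campaign's domain.
    for finding in check_host("www.p\u0430yp\u0430l.com"):
        print(finding)
```

The second check matters because a label written entirely in one non-Latin script passes the mixed-script test but can still match the brand once look-alike letters are folded.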

The slickly designed web page offers users a 3-5% return on PayPal transactions if they download an official PayPal browser extension. Users who click the download button will receive a file named “cashback.exe.” Running this executable will infect the user’s system with the ransomware.

Nemty ransomware has been around for a while, but it began attracting attention last month. It was recently observed spreading via the RIG exploit kit, and it may have been going after exposed RDP connections. The PayPal phishing site suggests that Nemty’s operators are interested in using multiple channels of distribution.

Ransomware is a very profitable criminal enterprise, and attackers have a strong incentive to improve their tactics. We need hardly mention how widely used PayPal is, both for personal and business transactions. Social engineering is the most reliable and effective way to get malware onto your network.

New-school security awareness training can help your employees defend themselves against these attacks and keep your organization safe. BleepingComputer has the story: https://www.bleepingcomputer.com/news/security/fake-paypal-site-spreads-nemty-ransomware/


Discover dangerous look-alike domains that could be used against you!

Our Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” and combines the search, discovery, reporting, and risk indicators, so you can take action now.

Better yet, with these results you can now generate an online assessment test to see what your users are able to recognize as “safe” domains for your organization. You then receive a summary of the test results to understand how security-aware your users are when it comes to identifying potentially fraudulent or phishy domains.

With Domain Doppelgänger, you can:

  • Search for existing and potential look-alike domains
  • Get a report with aggregated results that includes risk indicators, and
  • Generate an online “domain safety” quiz based on the results to administer to your end users

This is a complimentary tool and will take only a few minutes.

Domain Doppelgänger helps you find the threat before it is used against you.

Find your look-alike domains here:

Find Your Look-Alike Domains!

Don't like to click on redirected buttons? Copy & paste this link into your browser:

https://www.knowbe4.com/domain-doppelganger
