Ransomware continues to expand its reach as threat actors keep producing new variants and families. NEFILIM is a newly emerged ransomware that is most likely distributed through exposed Remote Desktop Protocol (RDP), like other ransomware such as Nemty, Crysis, and SAMSAM. It also uses several other ways to penetrate IT systems, including:
The ransomware adds the “NEFILIM” string as a file marker to all encrypted files. The encrypted files will have .NEFILIM appended to their file names. Further, its operators have launched a site called “Corporate Leaks” that is being used to dump the data of victims who do not pay a ransom.
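A triage sketch for the two indicators described above, added here as an example and not taken from TechCERT or any vendor tooling: it walks a directory tree and flags files that carry the `.NEFILIM` extension or contain the `NEFILIM` marker. That the marker is stored as plain ASCII bytes, and the `scan` and `contains_marker` names, are assumptions; the sample files are constructed.

```python
import os
import tempfile

MARKER = b"NEFILIM"      # marker string named in the advisory; ASCII encoding is an assumption
EXTENSION = ".nefilim"   # appended extension named in the advisory, compared case-insensitively

def contains_marker(path, marker=MARKER, chunk=1 << 20):
    """Stream the file and report whether the marker bytes occur anywhere in it."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            if marker in tail + block:
                return True
            # Keep the last len(marker)-1 bytes so a marker split across two reads is found.
            tail = (tail + block)[-(len(marker) - 1):]


def scan(root):
    """Return {relative_path: {"extension": bool, "marker": bool}} for files with either indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            has_ext = name.lower().endswith(EXTENSION)
            try:
                has_marker = contains_marker(path)
            except OSError:
                has_marker = False  # unreadable file: report on the name alone
            if has_ext or has_marker:
                findings[os.path.relpath(path, root)] = {"extension": has_ext, "marker": has_marker}
    return findings


if __name__ == "__main__":
    # Constructed sample files for the demo, not real ransomware output.
    samples = {
        "report.docx.NEFILIM": b"\x00" * 64 + MARKER,  # extension and marker
        "renamed_back.xlsx": b"\x00" * 64 + MARKER,    # marker only
        "notes.txt": b"quarterly notes",               # clean
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        for path, flags in sorted(scan(tmp).items()):
            print(path, flags)
```

A marker-only hit can also be a document that merely mentions the string, so treat it as a lead to review rather than proof of encryption.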
As proactive measures, the actions below can be taken to minimize the risk of ransomware that targets vulnerabilities in RDP.
In addition to the above recommendations, you may also apply the proactive measures suggested in the articles below, published on the TechCERT official website, to counter or minimize the risk of ransomware attacks.
Due to the COVID-19 outbreak, ransomware attacks and other cyber attacks will likely take place unnoticed, since organizations are operating with limited resources and under working-from-home schemes. The TechCERT guide to working securely from home can be obtained from the following link.