Nemucod Adds Ransomware Routine

It came to our attention that a new, rather peculiar version of Nemucod has been recently landing on users. Nemucod is a well-known JavaScript malware family that arrives via spam email and downloads additional malware to PCs. Most recently, Nemucod has been known to download TeslaCrypt ransomware variants.

However, the last few weeks saw a shift in Nemucod variants–it now has a code to drop ransomware from its body. The sample arrives via a typical Nemucod spam with encrypted JavaScript attachment.

Upon decrypting the JavaScript, we can see that it attempts to download a file on the user’s temporary directory from compromised websites. The downloaded file is an executable file that is later on used to encrypt the user’s files: Click Here To Read The Rest of The Article


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website