Ransomware Group:
Nefilim
According to Vitali Kremez and Michael Gillespie, this ransomware shares much of its code with Nemty 2.5. One difference is the removal of the RaaS component, which was replaced by email communications for payments. It uses AES-128, which is then protected by RSA-2048.
15 Victims
Atlanta Allergy & Asthma. Part 1.
Discovery Date: 2021-09-09 23:46
Grimmway Farms. Part 1.
Discovery Date: 2021-09-09 23:46
Elliott Group / Cascade Engineering / Unitex Textile Rental Services. Teaser.
Discovery Date: 2021-09-09 23:46
Seven Seas. Part 1.
Discovery Date: 2021-09-09 23:46
The MADSACK Media Group. Part 1.
Discovery Date: 2021-09-09 23:46
Tegut. Part 1.
Discovery Date: 2021-09-09 23:46
TPG Internet. Part 1.
Discovery Date: 2021-09-09 23:46
Saipa Press. Part 1.
Discovery Date: 2021-09-09 23:46
Tegut. Part 2.
Discovery Date: 2021-09-09 23:46
The MADSACK Media Group. Part 2.
Discovery Date: 2021-09-09 23:46
Whirlpool
Discovery Date: 2020-12-01 00:00
DKA (refrigeration and air conditioning specialist, Dussmann Group subsidiary)
Discovery Date: 2020-07-27 00:00
Orange (mobile operator)
Discovery Date: 2020-07-04 00:00
Fisher and Paykel Appliances
Discovery Date: 2020-06-01 00:00
Toll Group
Discovery Date: 2020-05-05 00:00