After encrypting the targeted files, it drops a ransom note in every folder that contains .Nemty files.
The developers claim they will restore the encrypted files only if the victim agrees to follow the instructions given by the hackers.
While distribution over Remote Desktop connections is not a new technique for ransomware propagation, it is considered a more treacherous method than phishing.
After gaining illicit access to a system via RDP, the hackers have unrestricted entry to the targeted system, from which they can launch attacks and distribute malware more widely without the user’s intervention.
Victims are required to pay 0.09981 Bitcoin (equivalent to $1,010.74) in exchange for the Nemty decryption tool and unique key.
The code for Nemty contained a link that redirected to an image of Russian President Putin and displayed a message to the antivirus industry.