Nefilim (d12f369c-f776-468a-8abf-8000b1b30642)
According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Nefilim (d12f369c-f776-468a-8abf-8000b1b30642) | Ransomware | Nemty (5fb75933-1ed5-4512-a062-d39865eedab0) | Ransomware | 1 |