
False PayPal page spreads Nemty ransomware

Researchers have found that hackers have created a fake page that purports to offer the official PayPal application. In reality, it spreads a new variant of the Nemty ransomware.

Several variants of this particular ransomware have appeared lately. The hackers behind it seem to be constantly looking for new ways to deliver it to unsuspecting users.

In the case of the fake PayPal page, the hackers try to lure victims by promising them a return of 3-5% on purchases made through the payment system.

There are many signs that reveal this is a scam. For example, many browsers flag the page as dangerous. Still, plenty of unsuspecting users may fall into the hackers' trap and download and run the malicious software, named Cashback.exe.

The security researcher who discovered the new Nemty variant distributed through the fake PayPal site is nao_sec. The researcher used the AnyRun sandbox to run the malware and track the changes it makes on infected systems.

The researcher found that the ransomware needed approximately seven minutes to encrypt the victim's files. The time may vary, however, depending on the system affected.

The good news is that the new variant is detected by most popular antivirus programs.

"Homoglyph" attack

If one does not pay close attention, the page looks authentic. The hackers have tried hard to make it as plausible as possible.

To make it even more convincing, the scammers use what is called "homograph domain name spoofing" for the site's various links, such as Help & Communication, Security and others.
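A defender's way to spot the homograph links described above is to check whether a link's hostname mixes Unicode scripts within a label (Latin mixed with Cyrillic, for instance) and to look at the punycode form a browser would actually resolve. The Python below is an added example, not code from the article or from the researchers it names; the hostnames in it are constructed samples, and the Cyrillic lookalike is hypothetical.

```python
import unicodedata

# Constructed sample hostnames (not taken from the article): a plain ASCII
# name and a lookalike in which the first "a" is Cyrillic U+0430.
SAMPLE_HOSTS = [
    "paypal.com",
    "p\u0430ypal.com",
]


def script_of(ch):
    """Return a coarse script name ("LATIN", "CYRILLIC", ...) for a letter,
    derived from its Unicode character name, or None for non-letters."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def analyze_host(host):
    """Describe a hostname: the scripts its letters belong to, whether
    scripts are mixed, and the ASCII (punycode) form a resolver would see."""
    scripts = set()
    for label in host.split("."):
        for ch in label:
            s = script_of(ch)
            if s:
                scripts.add(s)
    try:
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # label too long or otherwise invalid under IDNA
    return {
        "host": host,
        "punycode": ascii_form,
        "scripts": sorted(scripts),
        "mixed_script": len(scripts) > 1,
        # True when the displayed name differs from what is actually resolved
        "is_idn": ascii_form is not None and ascii_form != host,
    }


def flag_suspicious(hosts):
    """Return the hostnames that mix scripts, a common homograph tell."""
    return [h for h in hosts if analyze_host(h)["mixed_script"]]


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(analyze_host(h))
    print("suspicious:", flag_suspicious(SAMPLE_HOSTS))
```

Mixed-script detection is a heuristic: a lookalike written entirely in one non-Latin script passes it, so the punycode form should also be compared against the brand's real domain.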

Security researcher Vitali Kremez analyzed this Nemty variant and found it to be version 1.4.

The researcher observed that the "IsRU" check, which tests whether the infected computer is located in Russia, Ukraine, Belarus, Kazakhstan or Tajikistan, has changed. In this variant of the ransomware, if the check comes back positive, the system is not infected (its files are not encrypted).

The hackers are, however, targeting other countries, which remain at risk.

Nemty ransomware has only recently become widely known. It had been circulating on hacking forums for quite some time, but the wider community learned about it in late August, when researcher Vitali Kremez discovered it and published his findings.
