N3TW0RM Ransomware Targets Israeli Businesses
A new ransomware family is being used to carry attacks against vulnerable systems. The threat, dubbed N3TW0RM Ransomware, has so far been used exclusively against Israel-based companies and users. The malicious software does not just encrypt data – it also steals important files prior to encrypting them. The stolen data is then also used to extort the victim for money. Victims of the N3TW0RM Ransomware are told that they need to pay a ransom fee of about 3 Bitcoin in order to receive a decryptor, as well as to prevent their data from being published online. While the reach of the N3TW0RM Ransomware attacks is relatively small for now, it is likely that this campaign will start expanding in the near future.
The ransom sum that the criminals ask for is one of the highest seen in 2021, and victims of the N3TW0RM Ransomware should not agree to pay. 3 Bitcoin are worth approximately $173,000 and sending so much money to the wallet of anonymous hackers is a terrible idea. Do not forget that fulfilling their demands does not guarantee a positive outcome – there is a chance that you will lose both the files and the money.
Unfortunately, there's no chance of a free decryptor being released due to the complexity of N3TW0RM Ransomware's file-locking mechanism – only the creators of the malware have the decryption keys needed to complete the task. Files that this ransomware locks are marked with the '.n3tw0rm' extension. The ransom note it drops at the end of the attack is titled 'N3TW0RM_MESSAGE.txt.'
Many ransomware creators bluff when they threaten to leak stolen data online, but, sadly, N3TW0RM Ransomware's intentions appear to be real. Their website has already published the names of some of the compromised companies, as well as small bits of documents that were allegedly stolen from their servers.
Victims of the N3TW0RM Ransomware should not give in to the demands of the hackers, and they should look for a more reliable recovery option. Their first task, however, should be to ensure the full removal of the file-encryption Trojan with the use of an appropriate antivirus tool.