{
	"id": "0f77f000-1d87-4e71-9ece-5e10cfe446b3",
	"created_at": "2026-04-06T00:14:54.660729Z",
	"updated_at": "2026-04-10T03:21:47.289702Z",
	"deleted_at": null,
	"sha1_hash": "35d0de3be574f3d89bbb600b2069355bc35ff648",
	"title": "Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2334242,
	"plain_text": "Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit\r\nBy Lawrence Abrams\r\nPublished: 2019-10-11 · Archived: 2026-04-05 20:24:58 UTC\r\nThe RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware. \r\nFirst spotted by exploit kit researcher mol69, a malvertising campaign is redirecting users to the RIG exploit kit to target\r\nenterprise users who are still utilizing Internet Explorer and Flash Player.\r\nIf a user running these outdated programs are redirected to the exploit kit landing page, the malicious scripts will attempt to\r\nexploit vulnerabilities in the browser to install a variety of malware including the Nemty 1.6 ransomware.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe most obvious change in this version is the ransom note that now shows a version number of 1.6 as seen  below.\r\nNemty 1.6 Ransom Note\r\nAccording to security firm Tesorion, Nemty 1.6 also modified their encryption algorithm to use the Windows cryptographic\r\nlibraries instead of their own custom AES implementation. \r\nThis was most likely done to break the decryptor created by Tesorion, which didn't go as plan as Tesorion's decryptor can\r\nstill decrypt Nemty 1.6 victims for free.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/"
	],
	"report_names": [
		"nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit"
	],
	"threat_actors": [],
	"ts_created_at": 1775434494,
	"ts_updated_at": 1775791307,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/35d0de3be574f3d89bbb600b2069355bc35ff648.pdf",
		"text": "https://archive.orkl.eu/35d0de3be574f3d89bbb600b2069355bc35ff648.txt",
		"img": "https://archive.orkl.eu/35d0de3be574f3d89bbb600b2069355bc35ff648.jpg"
	}
}