Traveling Spider - Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:58:38 UTC

APT group: Traveling Spider

Names: Traveling Spider (CrowdStrike), Gold Mansard (SecureWorks)
Country: [Unknown]
Motivation: Financial gain
First seen: 2019

Description: (BleepingComputer) A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. The researchers call it Nemty. This is the first version of Nemty ransomware, named so after the extension it adds to the files following the encryption process.

Observed Countries: Argentina, Algeria, Austria, Belgium, Bhutan, Bolivia, Brazil, Canada, Chile, China, Czech, Denmark, Ecuador, Egypt, Estonia, France, Germany, Ghana, Guatemala, Guinea, Hungary, India, Indonesia, Iran, Italy, Japan, Latvia, Libya, Lithuania, Luxembourg, Malaysia, Morocco, Nepal, Netherlands, Niger, Pakistan, Philippines, Poland, Portugal, Russia, Slovakia, South Africa, South Korea, Spain, Sweden, Thailand, Turkey, UAE, UK, Ukraine, USA, Venezuela, Vietnam.

Tools used: 7-Zip, AdFind, BloodHound, LaZagne, MEGAsync, Mimikatz, Nefilim, Nemty, Network Password Recovery, PsExec, smbtool.
Operations performed

Sep 2019: Nemty Ransomware Update Lets It Kill Processes and Services
Sep 2019: Fake PayPal Site Spreads Nemty Ransomware
Sep 2019: Nemty Ransomware Gets Distribution from RIG Exploit Kit
Oct 2019: Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit
Nov 2019: Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
Jan 2020: Nemty Ransomware to Start Leaking Non-Paying Victim's Data
Feb 2020: Nemty Ransomware Actively Distributed via 'Love Letter' Spam
Mar 2020: Nemty Ransomware Punishes Victims by Posting Their Stolen Data
Mar 2020: New Nefilim Ransomware Threatens to Release Victims' Data
Apr 2020: Nemty ransomware operation shuts down public RaaS
May 2020: Toll Group hit by ransomware a second time, deliveries affected
May 2020: Beyonce and Victoria's Secret lingerie maker targeted by extortionists
Jun 2020: Nefilim Hackers Publish Oil Firm Data Online and Continue Disruptive Campaign
Jul 2020: Orange confirms ransomware attack exposing business customers' data
Jul 2020: Business giant Dussmann Group's data leaked after ransomware attack
Nov 2020: Luxottica data breach exposes 820K EyeMed, LensCrafters patients
Dec 2020: Home appliance giant Whirlpool hit in Nefilim ransomware attack
Jan 2021: Nefilim Ransomware Attack Uses “Ghost” Credentials
Mar 2021: The Nefilim Ransomware Group Has Hit ‘Spirit Airlines’

Information

Last change to this card: 10 August 2021

Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f0596c9f-822f-4e3c-b2af-fc50630e6ec0