{ "id": "f297fe12-5f6b-4341-be07-e7b0939c13f8", "created_at": "2026-05-03T03:07:59.186247Z", "updated_at": "2026-05-03T03:09:28.960388Z", "deleted_at": null, "sha1_hash": "aa06277ce1bf9787962391605874b30634987853", "title": "Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 826819, "plain_text": "Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit\r\nBy Lawrence Abrams\r\nPublished: 2019-10-11 · Archived: 2026-05-03 02:41:36 UTC\r\nThe RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware. \r\nFirst spotted by exploit kit researcher mol69, a malvertising campaign is redirecting users to the RIG exploit kit to\r\ntarget enterprise users who are still utilizing Internet Explorer and Flash Player.\r\nIf a user running these outdated programs are redirected to the exploit kit landing page, the malicious scripts will\r\nattempt to exploit vulnerabilities in the browser to install a variety of malware including the Nemty 1.6\r\nransomware.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 1 of 8\n\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 2 of 8\n\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 3 of 8\n\nVisit Advertiser websiteGO TO PAGE\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 4 of 8\n\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 5 of 8\n\nThe most obvious change in this version is the ransom note that now shows a version number of 1.6 as seen \r\nbelow.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 6 of 8\n\nNemty 1.6 Ransom Note\r\nAccording to security firm Tesorion, Nemty 1.6 also modified their encryption algorithm to use the Windows\r\ncryptographic libraries instead of their own custom AES implementation. \r\nThis was most likely done to break the decryptor created by Tesorion, which didn't go as plan as Tesorion's\r\ndecryptor can still decrypt Nemty 1.6 victims for free.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 7 of 8\n\n99% of What Mythos Found Is Still Unpatched.\r\nAI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits\r\nis coming.\r\nAt the Autonomous Validation Summit (May 12 \u0026 14), see how autonomous, context-rich validation finds what's\r\nexploitable, proves controls hold, and closes the remediation loop.\r\nClaim Your Spot\r\nSource: https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nhttps://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/\r\nPage 8 of 8", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/" ], "report_names": [ "nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit" ], "threat_actors": [], "ts_created_at": 1777777679, "ts_updated_at": 1777777768, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/aa06277ce1bf9787962391605874b30634987853.pdf", "text": "https://archive.orkl.eu/aa06277ce1bf9787962391605874b30634987853.txt", "img": "https://archive.orkl.eu/aa06277ce1bf9787962391605874b30634987853.jpg" } }