Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit By Lawrence Abrams Published: 2019-10-11 · Archived: 2026-05-03 02:41:36 UTC The RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware.  First spotted by exploit kit researcher mol69, a malvertising campaign is redirecting users to the RIG exploit kit to target enterprise users who are still utilizing Internet Explorer and Flash Player. If a user running these outdated programs are redirected to the exploit kit landing page, the malicious scripts will attempt to exploit vulnerabilities in the browser to install a variety of malware including the Nemty 1.6 ransomware. https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 1 of 8 https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 2 of 8 https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 3 of 8 Visit Advertiser websiteGO TO PAGE https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 4 of 8 https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 5 of 8 The most obvious change in this version is the ransom note that now shows a version number of 1.6 as seen  below. https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 6 of 8 Nemty 1.6 Ransom Note According to security firm Tesorion, Nemty 1.6 also modified their encryption algorithm to use the Windows cryptographic libraries instead of their own custom AES implementation.  This was most likely done to break the decryptor created by Tesorion, which didn't go as plan as Tesorion's decryptor can still decrypt Nemty 1.6 victims for free. https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 7 of 8 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Source: https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ Page 8 of 8