MALWARE: Netfilim
Netfilim uses AES-128 encryption to encrypt victim’s files. An RSA-2048 embedded in the ransomware executable will then encrypt the AES encryption key. The encrypted AES key will then be added to every encrypted key. The ransomware also adds a “NEFILIM” string as a file marker to all encrypted files. The encrypted files will have .NEFILIM appended to their file names (for example, a file called 1.doc would be named 1.doc.NEFILIM).
Incidents Caused by this Malware
- December 5, 2020: Home appliance giant Whirlpool hit in Nefilim ransomware attack
- May 5, 2020: Toll Group Cyber Attack #2
Threat Actors Known to use this Malware
No threat actors identified