MALWARE: Nefilim

Nefilim uses AES-128 to encrypt the victim’s files. An RSA-2048 key embedded in the ransomware executable then encrypts the AES encryption key, and the encrypted AES key is added to every encrypted file. The ransomware also adds a “NEFILIM” string as a file marker to all encrypted files. Encrypted files have .NEFILIM appended to their file names (for example, a file called 1.doc would be named 1.doc.NEFILIM).

 

Incidents Caused by this Malware

  • December 5, 2020: Home appliance giant Whirlpool hit in Nefilim ransomware attack
  • May 5, 2020: Toll Group Cyber Attack #2

Threat Actors Known to use this Malware

No threat actors identified
