Nephilim – what is it?
Nephilim, a ransomware variant with noticeable similarities in both design and code to the well-known Nemta, has become a significant cybersecurity problem. This malware uses advanced encryption techniques to restrict access to files on the victim’s system, demanding a ransom to release data safely. Nephilim ransomware started to spread at the end of February 2020, and since then, many companies have already been affected.
Nephilim protocols and principles
During the attack, the name of the file extension NEPHILIM is added to the end of the name of each encrypted file. This is where the name of this ransomware comes from. Nephilim appends a unique extension to all encrypted, making it unique per victim. A ransom note is sent to the victims, which includes various email addresses to contact. In addition, it warns victims that their data will be leaked if the ransom is not paid within a certain amount of time. Like Nemty, the Nephilim protocol uses the strategy of threatening victims by disclosing encrypted data on darknet markets – a method that is gaining popularity among cybercriminals.
How do we avoid the Nephilim threat?
Addressing the threat posed by Nephilim requires a proactive approach to cyber security and knowing the Nephilim rules. Organizations should invest in robust security measures, including advanced threat detection systems, employee training on cyber security best practices, and routine data backups.
