WARNING: CRY36 / NEMESIS RANSOMWARE IS SPREADING
CMC Cyber Security malware analysts have reported that at least 4 units have been infected with the Cry36 / Nemesis ransomware. All user data (except for files whose encryption may cause operating system errors) is encrypted and the file extension is changed to ".[id]_WECANHELP".
The ransomware sample with the extension ".[id]_WECANHELP" is the latest variant of Cry36 / Nemesis that was first discovered on August 9, 2019. When it infects the victim's computer, it quickly scans all drive partitions and shared partitions to identify user data, ignoring executable files and system files. Finally, the ransomware encrypts the data, and in each folder it encrypts it leaves behind a file containing the information the victim needs to contact the attacker, together with the victim's ID. Variants of Cry36 / Nemesis are usually delivered to the victim's computer via poorly secured RDP ports, via spam emails, or by masquerading as software that tricks users into downloading it.
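The renamed files and the per-folder contact file described above can be used to scope which folders and shares an infection has reached. The following is an added example, not code from CMC; it assumes encrypted names end in `.<id>_WECANHELP`, and the ID `ABC123` and note name `HOW_TO.txt` are constructed sample values, since the advisory does not give the real note name.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: encrypted names end in ".<id>_WECANHELP", per the extension in the advisory.
MARKER = re.compile(r"\.([^./\\]+)_WECANHELP$", re.IGNORECASE)

def scope_infection(root):
    """Walk root; return affected dirs, victim IDs seen, and likely note names."""
    affected = {}   # directory -> number of encrypted files
    ids = Counter() # victim ID -> number of files carrying it
    others = {}     # affected directory -> names without the marker
    for dirpath, _dirs, files in os.walk(root):
        hits, plain = 0, set()
        for name in files:
            m = MARKER.search(name)
            if m:
                hits += 1
                ids[m.group(1)] += 1
            else:
                plain.add(name.lower())
        if hits:
            affected[dirpath] = hits
            others[dirpath] = plain
    # A contact file is left in each encrypted folder, so a non-encrypted
    # name present in every affected directory is a candidate ransom note.
    notes = set.intersection(*others.values()) if others else set()
    return affected, dict(ids), sorted(notes)

def build_sample_tree(root):
    """Constructed sample data: two affected folders and one clean folder."""
    layout = {
        "docs": ["report.docx.ABC123_WECANHELP", "plan.xlsx.ABC123_WECANHELP", "HOW_TO.txt"],
        "share/photos": ["a.jpg.ABC123_WECANHELP", "HOW_TO.txt", "thumbs.db"],
        "tools": ["setup.exe", "readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        affected, ids, notes = scope_infection(tmp)
        for d, n in sorted(affected.items()):
            print(f"{n:4d} encrypted  {d}")
        print("victim IDs:", ids, "| candidate note files:", notes)
```

When only one folder is affected, every unencrypted file in it is reported as a candidate note, so the note list is only meaningful across several affected folders.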
Currently, there is no effective method to break the encryption of Cry36 / Nemesis. However, victims should never pay the ransom to the attacker. Many cases have been recorded in which, after paying the ransom, victims still failed to decrypt their data or the decrypted data was faulty. At the same time, paying the attacker encourages him to strike again.
To reduce the risk of becoming a victim of Cry36 / Nemesis, users should disable RDP service ports when they are not needed, set up firewall rules to restrict users and remote access to servers, and verify the origin of software and email before opening them.