Nemty is a ransomware that carried references to the Russian president and antivirus software. It comes with an unusual name for the mutex object. The author called it "hate".



Nemty is distributed through infected email attachments (macros), torrent websites, and malicious ads. On September 3rd, 2019, it was discovered to be also spreaded by the RIG Exploit Kit.


Nemty will delete the shadow copies for the files it processes, taking away from the victim the possibility to recover versions of the data as created by the Windows operating system.

The updated version kills certain processes and services.

Victims will see a ransom note informing that the attackers hold the decryption key and that data is recoverable for a price. Nemty's ransom demand was 0.09981 BTC, which converts to around $1,000 at the moment.

The ransom note saids this:


[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on you computer has 
extension .nemty
By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant 
return your data (NEVER).

[+] What guarantees? [+]

It’s just a business. We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities – nobody will not cooperate with us.
It’s not in our interests.
If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, 
cause just we have the private key.
In practise – time is much more valuable than money.

[+] How to get access on website? [+]

1) Download and install TOR browser from this site: hxxps://
2) Open our website: – zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5t***zxprjjnwapkad.onion

When you open our website, follow the instructions and you will get your files back.

Configuration file path:

The payment portal is hosted on the Tor network for anonymity, and users have to upload their configuration file. They are provided with the link to another website that comes with a chat function and more information on the demands.

