By Bill Toulas - September 9, 2019

Actors are building credible fake PayPal websites that guarantee a return on investment of between 3 and 5 per cent. The file that victims download is not a PayPal program but a version of the Nemty ransomware. Those who fall into the trap will be asked for a $1000 ransom in Bitcoin, unless they come from Russian-speaking countries.

Paypal Fake Page -> #Nemty @malware traffic @jeromesegura @Vk Intel @BleepinComputer pic.twitter.com/yzakaFezi0 nao sec (@nao sec) September 7, 2019

The malicious file provided for download is called "cashback.exe", and most browsers will warn users that the file they are trying to download looks dangerous. If the user answers the prompt by saying they trust the source, they will get a copy of the Nemty ransomware on their device. According to VirusTotal results, 32 out of the 68 antivirus engines tested miss the malicious executable, so Nemty's chances of nesting in the host system and encrypting all files are just below 50% if the victim uses an AV solution.

The Nemty version used in this campaign is 1.4, and the amount of money the actors seek is the equivalent of $1000 in Bitcoin. This is the standard amount we've seen actors using Nemty ask for, and the payment period offered to the victims is also a common one: 48 hours. Belarus, Russia, Kazakhstan, Ukraine, and Tajikistan are the countries that are exempt from infection. If you live in one of those countries, or your machine's language is set to one of their languages, you are spared from this campaign, but don't expect a 5 percent return on your investment.

If you were infected with a Nemty version, you would find that the ".nemty" extension has been appended to all your files. If that's the case, don't pay the actors, as there's no guarantee you'll get your files back. SpyHunter 5, Malwarebytes, and Reimage are all capable of removing all traces of Nemty from your device, so be sure to wipe it out before beginning backup restoration. Nemty is very persistent, and your files will get re-encrypted if you don't delete all of its components.

If you're trying to get the official PayPal version, you can only find it on "paypal.com" or on your platform's official app stores.