Description

The Nymaim malware bot is a ransomware program designed to render the contents of a victim's computer inaccessible and demand payment to ensure the unlocking of the victim's files. Some versions of Nymaim are also used to distribute banking Trojans.

Symptoms

Some possible symptoms include, but are not limited to:

  • Loss of use of Windows
  • Significant increase in hard disk activity
  • Connections to known ransomware C&C infrastructure
  • Windows "locked" and ransom page shown in its place

Analysis

Nymaim was typically distributed using the exploit kit known as BlackHole, and was one of the earliest families of ransomware. It is delivered through multiple methods, including drive-by downloads, malicious email attachments, and malicious Microsoft Office macros, among others.

More recently it has been seen to deliver various other malicious programs, especially banking Trojans.

Instructions

It is not recommended that any attempts to remove this malware be performed manually. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.
