Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

Nemty ransomware

Nemty ransomware

Also known as: Nemty Project

Category: Malware

Type: Ransomware

Platform: Windows

Variants: Nemty 1.4, 1.5, and 1.6

Damage potential: File encryption, data loss, ransom demands, system performance issues


Nemty, or Nemty Project, is a type of malware that attackers use to encrypt a victim’s files. After encryption, they leave a note on the victim’s device, asking for a payment in cryptocurrency to unlock those files.

Nemty was first spotted in 2019, and researchers think it might be related to the GandCrab ransomware family because of similarities in their code and behavior. Nemty operates on a ransomware-as-a-service model and is regularly updated by its creators.

Possible symptoms

The most obvious signs of a Nemty infection are inaccessible files, a “.NEMTY_” extension added to file names, and a ransom note detailing how to contact attackers for payment. Additionally, you might notice:

  • System performance issues, such as frequent crashes and slowdowns.

  • Unexpectedly high data usage or network traffic.

  • Unusual disk activity.

  • Suspicious network connections.

  • Login failures.

Sources of infection

Cybercriminals use phishing campaigns, freeware websites, peer-to-peer networks, malicious ads and websites, fake software updates, exposed Remote Desktop Protocols (RDP), and exploit kits to distribute this ransomware.


Good cybersecurity practices will help you steer clear of ransomware.

  • Avoid downloading files or software from unofficial sources.

  • Be careful with email attachments, especially from unknown senders. Do not open suspicious links, media, or documents.

  • Use NordVPN to secure your online traffic.

  • Scan your newly downloaded files for viruses and block malicious websites with NordVPN’s Threat Protection feature.

  • Make sure your operating system and software are updated.

  • Install a reputable antivirus solution.

  • Regularly back up important data.


You can use a reliable decryptor tool to get rid of Nemty ransomware. If you can’t perform the removal yourself or don’t have a clean backup to restore files from, get help from an IT specialist.

Ultimate digital security