Back to Threat Groups
nefilim
INACTIVEransomware group
According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.
Victims
15
records
First Discovered
May 5, 2020
victim
Last Discovered
Sep 9, 2021
victim
Inactive Since
1,750
days
Countries
4
hit
Avg Discount
—
no settlements
Group Activity
Last 12 monthsJul
2025
Aug
2025
Sep
2025
Oct
2025
Nov
2025
Dec
2025
Jan
2026
Feb
2026
Mar
2026
Apr
2026
May
2026
Jun
2026
Victims (15)
Atlanta Allergy & Asthma. Part 1.
nefilim
Sep 9, 2021
Healthcare1.0Published
Grimmway Farms. Part 1.
nefilim
Sep 9, 2021
Agriculture and Food Production1.0Published
Elliott Group / Cascade Engineering / Unitex Textile Rental Services. Teaser.
nefilim
Sep 9, 2021
Manufacturing1.0Published
Seven Seas. Part 1.
nefilim
Sep 9, 2021
Consumer Services1.0Published
The MADSACK Media Group. Part 1.
nefilim
Sep 9, 2021
Business Services1.0Published
Tegut. Part 1.
nefilim
Sep 9, 2021
Consumer Services1.0Published
TPG Internet. Part 1.
nefilim
Sep 9, 2021
Telecommunication1.0Published
Saipa Press. Part 1.
nefilim
Sep 9, 2021
Manufacturing1.0Published
Tegut. Part 2.
nefilim
Sep 9, 2021
Consumer Services1.0Published
The MADSACK Media Group. Part 2.
nefilim
Sep 9, 2021
Business Services1.0Published
Whirlpool
nefilim
Dec 1, 2020
Critical Manufacturing1.0Published
DKA (refrigeration and air conditioning specialist, Dussmann Group subsidiary)
nefilim🇩🇪 DE
Jul 27, 2020
Critical Manufacturing1.0Published
Orange (mobile operator)
nefilim🇫🇷 FR
Jul 4, 2020
Communication1.0Published
orange.fr
Fisher and Paykel Appliances
nefilim🇳🇿 NZ
Jun 1, 2020
Critical Manufacturing1.0Published
Toll Group
nefilim🇦🇺 AU2 groups: netwalker
May 5, 2020
Transportation Systems1.0Published
Infrastructure
leak site
OFFLINE
unreachable
http://hxt254aygrsziejn.onion60055ms
15h ago