Netix, also identified as RANSOM_NETIX.A, targets Windows 7 and Windows 10 and masquerades as applications designed to access hacked Netflix accounts. One of these applications, Netflix Login Generator v1.1.exe, displays a pop-up window with a “Generate Login” button when launched; clicking the button displays what appears to be a username and password combination. As the combination is displayed, Netix drops and executes the file netprotocol.exe, which begins encrypting files in the C:\Users folder with AES-256 encryption, appending .se to the file names. It then contacts its C2 server to transmit the infection ID and to retrieve the ransom note files. The ransom payment demand is $100 USD worth of Bitcoin.
- Bleeping Computer provides more information on Netix here.
- The NJCCIC is not currently aware of any free decryption tool available for Netix.
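
A defender-side check for the behaviour described in this profile, as an added example that is not part of the original profile: it scans endpoint events for a process named netprotocol.exe and for any single process writing several .se files under C:\Users. The event schema, the sample events, the DROP_DIR placeholder and the burst threshold are assumptions.

```python
import ntpath
from collections import defaultdict

# Indicators taken from the profile text above.
DROPPED_NAME = "netprotocol.exe"
APPENDED_EXT = ".se"
TARGET_ROOT = "c:\\users\\"

# Constructed sample events (not real telemetry), hypothetical schema:
# (time, kind, process image, target path). DROP_DIR is a placeholder; the
# profile does not say where netprotocol.exe is dropped.
DROPPED = r"C:\Users\user1\DROP_DIR\NetProtocol.exe"
SAMPLE_EVENTS = [
    ("10:00:01", "process_start",
     r"C:\Users\user1\Downloads\Netflix Login Generator v1.1.exe", ""),
    ("10:00:09", "process_start", DROPPED, ""),
    ("10:00:10", "file_write", DROPPED, r"C:\Users\user1\Documents\budget.xlsx.se"),
    ("10:00:10", "file_write", DROPPED, r"C:\Users\user1\Pictures\trip.jpg.se"),
    ("10:00:11", "file_write", DROPPED, r"C:/Users/user1/Desktop/notes.txt.SE"),
    # Benign look-alike: an unrelated program saving a single .se file.
    ("10:02:00", "file_write", r"C:\Program Files\Editor\editor.exe",
     r"C:\Users\user1\Documents\draft.se"),
]

def find_netix_indicators(events, burst_threshold=3):
    """Return dropper executions and per-process bursts of .se writes."""
    dropper_runs = []
    se_writes = defaultdict(list)
    for ts, kind, image, target in events:
        # ntpath parses Windows paths on any OS; Windows names are case-insensitive.
        if kind == "process_start":
            if ntpath.basename(image).lower() == DROPPED_NAME:
                dropper_runs.append((ts, image))
        elif kind == "file_write":
            path = ntpath.normpath(target).lower()
            if path.startswith(TARGET_ROOT) and path.endswith(APPENDED_EXT):
                se_writes[image.lower()].append(target)
    # A lone .se file is weak evidence; many from one process is the pattern.
    bursts = {img: paths for img, paths in se_writes.items()
              if len(paths) >= burst_threshold}
    return {"dropper_runs": dropper_runs, "se_bursts": bursts}

if __name__ == "__main__":
    report = find_netix_indicators(SAMPLE_EVENTS)
    for ts, image in report["dropper_runs"]:
        print(f"{ts} dropped executable started: {image}")
    for image, paths in report["se_bursts"].items():
        print(f"{image} wrote {len(paths)} .se files under C:\\Users")
```

The file name alone is easy for an attacker to change, so the per-process burst of .se writes is the more durable of the two signals.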