Ramnit

Posted: December 29, 2023
from Cybersecurity Glossary
Aliases:
W32.Ramnit, Nimnul, Virus:W32/Ramnit, Virus.Ramnit, Trojan:W32/Ramnit, VBS/Ramnit, Trojan:HTML.Ramnit, W32/Jadtre, Win32.Virus.Wapomi, Win32/Ramni.
Platform:
Windows
Variants:
Trojan.Win32.RAMNIT.A, Win32/Ramnit.B, Virus:W32/Ramnit.N, Trojan.Win32.Zenpak.bdt, Virus.Win32.Nimnul.f, Win32.Ramnit.F, Virus/W32.Ramnit.C. Ramnit.A is the most common variant. Ramnit has evolved over time, and some variants have been merged with other threats (such as the Zeus Trojan) to create more sophisticated and dangerous malware.
Damage:
Adds Devices To A Botnet, Steals Banking Data, Establishes Unauthorized Remote Connection.
Risk Level:
High

Ramnit is a banking trojan that originated back in 2010. Initially, it operated as a computer worm that spread by infecting HTML files. Over time, however, it gained functionality well beyond that of a classic banking trojan. Operating surreptitiously, it not only installs backdoors but also steals passwords, ultimately granting attackers unrestricted access to the compromised system.

Possible symptoms

  • Spontaneous opening of online banking login pages.
  • Unexpected network activity, indicating communication with command and control servers.
  • Presence of unfamiliar files or processes in the system.
  • Anomalies in HTML files, potentially leading to compromised web pages.
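
As an added example (not part of the original glossary entry), the Python heuristic below checks HTML files for the kind of tampering associated with the HTML-spreading Ramnit variants (the VBS/Ramnit and Trojan:HTML.Ramnit aliases): a VBScript block appended after the closing `</html>` tag that references file-writing and process-launching COM objects. The sample pages are constructed, and the object list is a defender's heuristic rather than a signature taken from the page.

```python
import re
from typing import List

# Constructed sample HTML files (not real malware samples): a clean page and a
# page with a VBScript block appended after the closing </html> tag, the sort of
# "anomaly in HTML files" listed among the symptoms above.
CLEAN_HTML = "<html><head><title>Hi</title></head><body><p>ok</p></body></html>\n"
SUSPECT_HTML = CLEAN_HTML + (
    '<SCRIPT Language="VBScript">\n'
    'Set fso = CreateObject("Scripting.FileSystemObject")\n'
    'Set shell = CreateObject("WScript.Shell")\n'
    'Set stream = CreateObject("ADODB.Stream")\n'
    "' (a dropper would write a payload to disk and launch it here)\n"
    "</SCRIPT>\n"
)

# COM objects a script embedded in a static web page has no legitimate need for;
# seeing them inside inline VBScript is a strong tampering indicator (heuristic).
DROPPER_OBJECTS = ("WScript.Shell", "ADODB.Stream", "Scripting.FileSystemObject")

SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)
VBS_RE = re.compile(
    r'<script\b[^>]*(language\s*=\s*["\']?vbscript|type\s*=\s*["\']?text/vbscript)', re.I
)


def scan_html(text: str) -> List[str]:
    """Return findings describing why the HTML looks tampered with ([] if clean)."""
    findings = []
    # Anything after the final </html> is not part of the document proper.
    end = text.lower().rfind("</html>")
    trailer = text[end + len("</html>"):] if end != -1 else ""
    if SCRIPT_RE.search(trailer):
        findings.append("script block appended after closing </html> tag")
    for block in SCRIPT_RE.finditer(text):
        body = block.group(0)
        if VBS_RE.match(body):
            findings.append("inline VBScript block")
            hits = [o for o in DROPPER_OBJECTS if o.lower() in body.lower()]
            if hits:
                findings.append("VBScript references dropper objects: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for finding in scan_html(fh.read()):
                print(f"{path}: {finding}")
```

Run it over a web root (`python scan_html.py /var/www/**/*.html`) and treat any file with findings as a candidate for restoration from a clean backup rather than in-place editing.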

Sources of the infection

  • Malicious email attachments and links, exploiting social engineering techniques to deceive users.
  • Drive-by downloads from compromised or malicious websites.
  • Shared networks and resources, enabling lateral movement within an organization.
  • Exploitation of software vulnerabilities in the Windows operating system.

Overview

Ramnit is a banking trojan with aliases including W32.Ramnit, Nimnul, Virus:W32/Ramnit, Trojan:HTML.Ramnit, and others. Targeting Windows operating systems, it primarily aims at stealing online banking credentials from web browsers. Aside from that, Ramnit steals sensitive data, creates backdoors and downloads additional malware. This malware poses a significant threat to the security of infected devices.

Initially identified around 2010, Ramnit soon started pilfering financial data, evolving over time into a formidable banking trojan. It discreetly installs backdoors, pilfers passwords, and grants cyber attackers unrestricted access to compromised systems. Symptoms of Ramnit infection include unusual system behavior, unexpected network activity, unfamiliar files or processes, and spontaneous log-outs from online banking accounts.

Sources of infection include malicious email attachments, deceptive social engineering techniques, drive-by downloads from compromised websites and exploitation of unpatched software vulnerabilities. Ramnit has multiple variants, with Ramnit.A being the most common. Some variants have merged with other threats, such as the Zeus Trojan, creating more sophisticated and dangerous malware.

If you suspect your system is infected with Ramnit, immediate isolation from the network is crucial. Conduct a thorough scan using Gridinsoft Anti-Malware, remove infected files, and restore clean backups if available. Change all passwords, especially sensitive ones like banking credentials, and consider seeking professional assistance for complete removal.

Prevention measures involve keeping the Windows operating system and antivirus software up-to-date, regularly scanning for malware, avoiding downloads from untrusted sources, exercising caution with links and email attachments, using strong passwords, enabling two-factor authentication, and implementing network security measures like firewalls to block unauthorized access.

🤔 What to do?

If you suspect your system is infected with Ramnit, immediately disconnect from the network to block its connection to the command server. Perform a thorough scan using Gridinsoft Anti-Malware. Remove infected files and restore clean backups if available. Change all passwords, especially sensitive ones like banking credentials. Consider seeking professional assistance to ensure complete removal.

🛡️ Prevention

Ensure your Windows operating system and antivirus software are up-to-date. Regularly scan your system for malware. Avoid downloading files from untrusted sources and exercise caution when clicking on links or opening email attachments. Use strong, unique passwords and enable two-factor authentication where possible. Employ network security measures, such as firewalls, to block the malware's command-and-control connection before it is established.
