Ramnit

Also known as: Nimnul

According to Check Point, Ramnit is primarily a banking trojan, meaning that its purpose is to steal login credentials for online banking, which cybercriminals can sell or use in future attacks. For this reason, Ramnit primarily targets individuals rather than focusing on particular industries.

Ramnit campaigns have been observed to target organizations in particular industries. For example, a 2019 campaign targeted financial organizations in the United Kingdom, Italy, and Canada.

C2 Infrastructure

Hosting/VPS100%

Last 7 days

Apr 14, 2026

C2 Hosts: 1

Daily C2 host counts for the last 7 days
Date	C2 Hosts
Apr 14, 2026	1

Further Reading

Financial Cyberthreats in 2020

This research is a continuation of our annual financial threat reports providing an overview of the latest trends and key events across the financial threat landscape. The study covers the common p...

Leverage educational content like blogs, articles, videos, courses, reports and more, crafted by IBM experts, on emerging security and identity technologies.

securityintelligence.com

Leverage educational content like blogs, articles, videos, courses, reports and more, crafted by IBM experts, on emerging security and identity technologies.

securityintelligence.com

Ramnit â in-depth analysis

If we look on Ramnitâs history, itâs hard to exactly pin down which malware family it actually belongs to. One thing is certain, itâs not a new threat. It emerged in 2010, transferred by remo...