Roland Dela Paz describes for Fortinet how Nemucod, much spammed malware already well-known for downloading malware including (recently) Teslacrypt, now has the ability to drop ransomware directly (i.e. from its own body) including the ransom note and a batch file to initiate the encryption.
The good news is that the ransomware isn’t as effective as the ransom note tries to persuade the victims: not yet, anyway. It’s not the case that ‘Nobody can help you but us.’ That doesn’t mean this will always be the case, though.
Dela Paz notes some resemblance between this ransomware and KeyBTC but notes that it can’t be confirmed at present that there is a direct relationship.