#Privacy: Nemty ransomware will start leaking stolen data

Hostinger

Nemty Ransomware has announced plans it will create a blog to publish stolen data from ransomware victims who refuse to pay the ransom. 

Sodinokibi and Maze Ransomware are using a new tactic whereby files are stolen from organisations before encrypting them.

If the victim refuses to pay the ransom, then the stolen data is slowly leaked little-by-little until the ransom has been paid. 

The thought process behind this is that organisations may choose to pay the ransom if it costs less than the financial penalties, data breach notification costs, loss of trade and potential lawsuits for exposing personal data. 

A recent ‘News” post from the Nemty Ransomware affiliate panel, shared with BleepingComputer shows plans to create a website where they will leak the stolen data if the ransom is not paid. 

“Nemty is already configured for network attacks with a builder mode that is used to create executables that target an entire network rather than individual computers,” explained BleepingComputer.

“According to this mode, the created ransomware executables are “only for corporations”. This means there will be one key used to decrypt all the devices in the network and victims will not be able to decrypt individual machines.”

If this new extortion method is successful, threat actors will start adopting this new tactic, which will not just negatively impact organisations, but also allow for personal and third-party information to be disclosed to anyone. 


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.