Nemty Ransomware has announced plans it will create a blog to publish stolen data from ransomware victims who refuse to pay the ransom.
If the victim refuses to pay the ransom, then the stolen data is slowly leaked little-by-little until the ransom has been paid.
The thought process behind this is that organisations may choose to pay the ransom if it costs less than the financial penalties, data breach notification costs, loss of trade and potential lawsuits for exposing personal data.
A recent ‘News” post from the Nemty Ransomware affiliate panel, shared with BleepingComputer shows plans to create a website where they will leak the stolen data if the ransom is not paid.
“Nemty is already configured for network attacks with a builder mode that is used to create executables that target an entire network rather than individual computers,” explained BleepingComputer.
“According to this mode, the created ransomware executables are “only for corporations”. This means there will be one key used to decrypt all the devices in the network and victims will not be able to decrypt individual machines.”
If this new extortion method is successful, threat actors will start adopting this new tactic, which will not just negatively impact organisations, but also allow for personal and third-party information to be disclosed to anyone.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/