Nemty Ransomware has announced plans it will create a blog to publish stolen data from ransomware victims who refuse to pay the ransom.
If the victim refuses to pay the ransom, then the stolen data is slowly leaked little-by-little until the ransom has been paid.
The thought process behind this is that organisations may choose to pay the ransom if it costs less than the financial penalties, data breach notification costs, loss of trade and potential lawsuits for exposing personal data.
A recent ‘News” post from the Nemty Ransomware affiliate panel, shared with BleepingComputer shows plans to create a website where they will leak the stolen data if the ransom is not paid.
“Nemty is already configured for network attacks with a builder mode that is used to create executables that target an entire network rather than individual computers,” explained BleepingComputer.
“According to this mode, the created ransomware executables are “only for corporations”. This means there will be one key used to decrypt all the devices in the network and victims will not be able to decrypt individual machines.”
If this new extortion method is successful, threat actors will start adopting this new tactic, which will not just negatively impact organisations, but also allow for personal and third-party information to be disclosed to anyone.
The largest data protection, privacy and security event of 2020, now available on-demand!
Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.
You can access the content from all four days, by registering for access to our PrivSec Global platform below.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.