#Privacy: Nefilim ransomware threatens to release victims’ data

Operators behind the new ransomware Nefilim are threatening to release stolen data unless a ransom is paid. 

The new ransomware became active at the end of February 2020, to which head of SentinelLabs Vitali Krimez and ID Ransomware’s Michael Gillespie explained to BleepingComputer that it shares much of the same code as Nemty 2.5.

However unlike Nemty, Nefilim has removed the Ransomware-as-a-Service (RaaS) component and rather than relying on Tor for payments, it now relies on email communications. 

The Nefilim ransomware note warns victims that if they do not pay the ransom within seven days, data stolen from their network will be released. 

“A large amount of your private files have been extracted and is kept in a secure location. If you do not contact us in seven working days of the breach we will start leaking the data,” reads the ransomware note. 

The ransom note also contains instructions on how to contact the ransomware operators. 

Many ransomware families including Maze, Nemty and BitPyLock have being adopting similar methods whereby stolen data is published if victims do not pay their ransom. 

Earlier this month, the operators behind Sodinokibi published the files of American fashion house Kenneth Cole Productions after failing to pay their ransom request. 


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/