Data Leak Site Launched by Nemty Ransomware Operators

Nemty Ransomware

Nemty Ransomware's new cybercrime activity involves stealing victims' data before encrypting their machines and publishing the files online if the victim does not agree to pay the ransom demand. The latest initiative uses a data leak platform to pressure victims who refuse to pay, and the published information includes the organisation's financials, personal information and customer data. By exposing this sensitive data, ransomware attacks have developed into serious data breaches.

After the Maze Ransomware gang followed through on its warning and released stolen files, other ransomware threat actors and families, including DoppelPaymer and Sodinokibi, began creating leak pages, extorting victims in a very similar way and creating new cybercrime operations. Today, Nemty Ransomware operators are the most recent group to begin using a leak site, publishing valuable stolen information to pressure non-paying victims.

The administrators behind the Nemty ransomware have set up a data leak platform to publish the data of victims who refuse to pay the ransom.

Nemty ransomware first emerged on the threat landscape in August 2019; the malware is named after the extension it appends to the names of the encrypted files. The ransomware deletes shadow copies of the encrypted files to make recovery difficult.

Researchers at the security firm Tesorion built a decryptor tool in October 2019 that works on Nemty versions 1.4 and 1.6, and also revealed a working tool for version 1.5.

Nemty ransomware operators revealed in February that they were setting up a website to release data stolen from ransomware victims who refused to pay the ransom.

The developers behind the Nemty ransomware kept their promise and set up the data leak platform, continuing the dangerous trend that the Maze ransomware gang launched at the end of 2019.

The news was first published by BleepingComputer citing the malware expert Damien as a source.

Currently, the website contains only links to 3.5 Gigabytes of data allegedly stolen from an American footwear company.

Many cybercrime groups, including DoppelPaymer and Sodinokibi teams, have followed the same tactic to compel victims to pay the ransom.

A few days ago, the operators behind Sodinokibi Ransomware released access links to archives of records supposedly stolen from the US company Kenneth Cole Productions.

The Sodinokibi ransomware operators appear to have stolen more than 70,000 documents with financial and job details, as well as records on more than 60,000 business clients.

The Sodinokibi gang has demanded a ransom payment and is threatening to publish the full dump of stolen data if the company decides not to cooperate.
The research group Under the Breach first reported the news.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, she was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.