Following in the footsteps of Maze and Sodinokibi, it appears the makers another malicious encryption program plans to adopt the tactic of publishing data that’s been exfiltrated from targets.
According to a BleepingComputer report, Nemty ransomware developers posted on a news feed in its affiliate panel that it intends to create a website where they can stolen data can be doxxed if victims fail to comply with ransom demands.
Reportedly, the ransomware is designed to attack large networks, using executables that lock up all devices and require a single key to decrypt them all at once.
Threatening to publicly leak victims’ files compounds the pressure on victim companies to pay, in order to protect their corporate secrets and shield customers from harm.
The attackers behind Maze ransomware have already notably employed this tactic against the city of Pensacola, Fla.; wire and cable manufacturer Southwire; and security staffing company Allied Universal. Sodinokibi’s makers have also made such threats against victims such as Travelex and, according to BleepingComputer, on Jan. 11 they actually did post data that they claim belongs to staffing firm Artech Information Systems.
The Snatch and Zeppelin ransomware are also designed to steal information, further indication that the trend is on the rise.