Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure.
In October 2019, researchers from the security firm Tesorion developed a decryptor tool that works on Nemty versions 1.4 and 1.6, they also announced a working tool for version 1.5.
In February, Nemty ransomware operators announced that they will set up a website to leak the data stolen from ransomware victims who refused to pay the ransom.
The operators behind the Nemty ransomware have maintained their promise and set up the data leak site following the dangerous trend begun at the end of 2019 by the Maze ransomware gang.
BleepingComputer first reported the news citing the malware analyst Damien as source.
This web site currently only includes links to 3.5 Gigabytes of data allegedly stolen from an American footwear company.
Other cyber crime gangs adopted the same strategy to force victims to pay the ransom, including DoppelPaymer and Sodinokibi crews.
A few days ago, the operators behind Sodinokibi Ransomware have published the download links to archives containing data allegedly stolen from the US firm Kenneth Cole Productions.
The Sodinokibi ransomware operators claim to have stolen over 70,000 documents with financial and work data, and more than 60,000 records of company customers.
The Sodinokibi gang requested the payment of a ransom and threatens to leak online the full dump containing stolen data in case the company will decide to not meet the request.
The news was first reported by the Under the Breach research group.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Nemty ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
Experts found two vulnerabilities in the vBulletin forum software, one of which is already being…
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…
Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise…
Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…
This website uses cookies.
![](data:image/svg+xml;charset=utf-8,<svg height="696px" width="1118px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)