Earlier this week, we wrote that the cryptographic operators Sodinokibi (aka REvil) and Maze began to resort to new tactics to intimidate the victims. So, now not only money is extorted from the affected companies for decrypting the data, but information is also stolen, which, in case of non-payment of the ransom, is started in small batches to be made publicly available.
In theory, in such cases, companies should be more likely to pay the ransom, since it will cost them less than possible fines, expenses for notifications of data leakage, loss of commercial and business secrets, a stain on reputation, as well as possible lawsuits due to the disclosure of personal data .
Now edition Bleepingcomputer reports that Nemty ransomware operators have decided to resort to the same tactics. So, Nemty developers plan to create a website through which they will merge stolen data in case of non-payment of foreclosures.
BleepingComputer founder Lawrence Abrams notes that Nemty is now primarily targeting corporate networks, using a single key to decrypt all devices on the network so that victims can not decrypt data on separate machines. Combined with the existing functionality for data theft and extortion, further development of RaaS (ransomware-as-a-service, ransomware as a service) is unlikely to be difficult.