Nefilim is among the growing number of ransomware families that exfiltrate victims' files before encrypting them on-site. The Nefilim operators are known for releasing victim’s stolen data in small parts to put pressure on them for paying the ransom, just like they did with Fisher & Paykel in a recent incident.
The latest data leaks by Nefilim operators
The Nefilim ransomware operator launched attacks on Fisher and Paykel and threatened to leak the data. When Fisher and Paykel didn’t agree to pay the demanded ransom, attackers started releasing the stolen data in parts.
- Recently, the attackers posted dark web links to the second lot of documents that were stolen from Fisher and Paykel Appliances during the attack.
- Earlier in June, the Nefilim ransomware had targeted Fisher and Paykel, impacting its manufacturing and distribution facilities. At the time, attackers had released two files, first was a list of the stolen documents and the other was a zipped file of a small set of actual documents.
Other recent data leaks
The Nefilim ransomware operators have been using this strategy of leaking data in parts for other victims also.
- In May, the Nefilim operators compromised the data of the Swiss train manufacturer, Stadler Rail, and demanded a ransom payment of $6 million in bitcoin. In June, they leaked part 1 and part 2 of the stolen sensitive data.
- In April, they stole 300 GB of data from South Asia’s largest lingerie manufacturer, MAS Holdings, and released around 28 GB of data in two parts. Later in May, they released the third part (around 3 GB). The fourth and fifth parts of the data (around 5 GB) were released in June.
Experts recommend using data segmentation to classify sensitive and non-sensitive data, and additional layers of security like encryption and multi-factor authentication (MFA) to protect sensitive data. This way, attackers won’t be able to misuse data even in case of any security breach incident.