Nemty ransomware actors have created a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom.
Why the blog?
The Nemty group’s plan resembles the tactics started by the Maze and used by Sodinokibi, who also steal files from companies before encrypting them.
The ransomware operators cum developers have a news feed where they post their plans, bug fixes, and upcoming changes coming to their Ransomware-as-a-Service (RaaS).
The execution plan
Nemty attacks on network with a builder mode, which helps the actors to create executables to target an entire network rather than individual systems.
Now, let’s wait and watch if this new extortion method is paying off for the ransomware actors, unless they get busted. However, the trend suggests that we will continue to see more threat actors adopting this new tactic.