{
	"id": "2dec23c4-1758-491d-92ae-3536263d3ac3",
	"created_at": "2026-04-06T00:08:37.666625Z",
	"updated_at": "2026-04-10T03:20:58.307565Z",
	"deleted_at": null,
	"sha1_hash": "735bfcd354e62a08957a442ebfaec5f6fa072b5c",
	"title": "Nemty Ransomware to Start Leaking Non-Paying Victim's Data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1805646,
	"plain_text": "Nemty Ransomware to Start Leaking Non-Paying Victim's Data\r\nBy Lawrence Abrams\r\nPublished: 2020-01-13 · Archived: 2026-04-05 15:38:33 UTC\r\nThe Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims\r\nwho refuse to pay the ransom.\r\nA new tactic started by the Maze Ransomware and now used by Sodinokibi is to steal files from companies before\r\nencrypting them. If a victim does not pay the ransom, then the stolen data will be leaked little-by-little until payment has\r\nbeen made or it has all been released.\r\nThe theory behind this is that companies may be more apt to pay a ransom if it costs less than the possible fines, data breach\r\nnotification costs, loss of trade and business secrets, tarnishing of brand image, and potential lawsuits for the disclosing of\r\npersonal data. \r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nTo facilitate this publishing of stolen data, the Maze operators have created a web site that they use to publish information\r\nabout their non-paying victims and links to the leaked data.\r\nNemty plans on creating a leaked data site\r\nIn the Nemty Ransomware affiliate panel, the ransomware developers have a news feed where they post their plans, bug\r\nfixes, and upcoming changes coming to their ransomware-as-a-service.\r\nAccording to a recent 'News' post shared with BleepingComputer, Nemty plans to create a web site where they will leak\r\nstolen data if ransoms are not paid.\r\nNewsfeed from Nemty Ransomware affiliate panel\r\nNemty is already configured for network attacks with a builder mode that is used to create executables that target an entire\r\nnetwork rather than individual computers.\r\nAccording to this mode, the created ransomware executables are \"only for corporations\". This means there will be one key\r\nused to decrypt all the devices in the network and victims will not be able to decrypt individual machines.\r\nNemty Targeted attack ransomware builder\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/\r\nPage 3 of 4\n\nWith this functionality already in place, evolving the RaaS to incorporate data exfiltration and further extortion tactics would\r\nnot be a laborious change.\r\nIf remains to see if this new extortion method is paying off for the ransomware actors, but one thing is for sure, we will\r\ncontinue to see more threat actors adopting this new tactic.\r\nEven worse, this also means that these types of attacks are not only affecting the company but are causing personal and\r\nthird-party information to be disclosed to unauthorized users.\r\nWhile that means that victims should treat these as attacks like data breaches, from existing cases, it does not appear that\r\nthey are doing so.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/"
	],
	"report_names": [
		"nemty-ransomware-to-start-leaking-non-paying-victims-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434117,
	"ts_updated_at": 1775791258,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/735bfcd354e62a08957a442ebfaec5f6fa072b5c.pdf",
		"text": "https://archive.orkl.eu/735bfcd354e62a08957a442ebfaec5f6fa072b5c.txt",
		"img": "https://archive.orkl.eu/735bfcd354e62a08957a442ebfaec5f6fa072b5c.jpg"
	}
}