{ "id": "435772d9-b050-4fd0-bc23-ca9466adcab6", "created_at": "2026-04-06T00:15:44.305577Z", "updated_at": "2026-04-10T03:21:38.542808Z", "deleted_at": null, "sha1_hash": "cb68b9d107a78d394a82c9596276c707e4a93003", "title": "Nemty Ransomware Punishes Victims by Posting Their Stolen Data", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1881654, "plain_text": "Nemty Ransomware Punishes Victims by Posting Their Stolen Data\r\nBy Lawrence Abrams\r\nPublished: 2020-03-03 · Archived: 2026-04-05 20:55:46 UTC\r\nThe Nemty Ransomware is the latest cybercrime operation to create a data leak site to punish victims who refuse to pay\r\nransoms.\r\nIn 2019, ransomware operators began to use the concerning tactic of stealing victim's files before encrypting computers and\r\nthen publicly posting these files if the victim does not pay.\r\nThe stealing and publishing of stolen data, which in many cases includes company financials, personal information of\r\nemployees, and client data, automatically escalated these ransomware attacks into data breaches.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOnce Maze Ransomware followed through with their threat and posted stolen files, other ransomware families such as\r\nDoppelPaymer and Sodinokibi started to launch leak sites to extort victims in a similar manner.\r\nIn a new site shared with BleepingComputer by Damien, the Nemty Ransomware operators have started to punish their non-paying victims by releasing files that were stolen before devices were encrypted.\r\nNemty Leak Site\r\nThis blog currently lists a single victim, an American footwear company,  and contains a link to 3.5 Gigabytes of files that\r\nwere allegedly stolen from the company.\r\nAs more ransomware operators begin to utilize this extortion tactic, victims will need to consider all ransomware attacks a\r\ndata breach. This means file noticed with the government, alerting affected people, and sending out breach notifications.\r\nThe attackers are hoping that these extra costs and the potential reputation hit may push some victims into paying a ransom.\r\nBleepingComputer has contacted the listed company to confirm if this is indeed their data but had not heard back at this\r\ntime.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/" ], "report_names": [ "nemty-ransomware-punishes-victims-by-posting-their-stolen-data" ], "threat_actors": [], "ts_created_at": 1775434544, "ts_updated_at": 1775791298, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/cb68b9d107a78d394a82c9596276c707e4a93003.pdf", "text": "https://archive.orkl.eu/cb68b9d107a78d394a82c9596276c707e4a93003.txt", "img": "https://archive.orkl.eu/cb68b9d107a78d394a82c9596276c707e4a93003.jpg" } }