CyberNews Briefs

Cybercriminals use deceased staff accounts to spread Nemty ransomware

Cybercriminals are reportedly using the accounts of deceased or departed staff members to spread the Nemty ransomware, according to a case study documented by Rapid Response, Sophos' cyber forensics group. Rapid Response claims that an organization reached out to them after being infected by the ransomware. The threat actors are taking advantage of ghost accounts, exploiting the lack of oversight in removing them.

The ransomware is also known as Nefilim and has impacted roughly 100 systems. It operates by encrypting valuable files and demanding payment in return for decrypting the often sensitive information. Nemty was first discovered in 2019 as a Ransomware-as-a-Service (RaaS) variant of malware that was available for purchase. However, the ransomware was privatized in 2020 by its developers.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.