Cybercriminals use deceased staff accounts to spread Nemty ransomware
Cybercriminals are reportedly using the accounts of deceased or departed staff members to spread the Nemty ransomware, according to a case study documented by Rapid Response, the Sophos cyber forensics group. Rapid Response says that an organization reached out to them after being infected by the ransomware. The threat actors are taking advantage of ghost accounts, benefiting from the lack of oversight in removing them.
The ransomware, also known as Nefilim, has impacted roughly 100 systems. It operates by encrypting valuable files and demanding payment in return for decrypting the often sensitive information. Nemty was first discovered in 2019 as a Ransomware-as-a-Service (RaaS) malware variant that was available for purchase. However, the ransomware was privatized in 2020 by its developers.