Nemty’s Ghost 👻 Technique
Ransomware operators are teaming up to exchange software and infrastructure, further accelerating the leak-and-extortion operations that harm the victims of such attacks. One such ransomware is Nefilim, nicknamed Nemty, which threatens to reveal victims' data publicly through its Corporate Leaks platform, hosted on Tor.
In the incident reported by a research team, a Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unregulated account belonging to an employee who had died three months earlier. The attackers moved silently through the network, stole the domain admin keys, then located and exfiltrated GBs of data before unleashing any malware that would expose the existence of such data. The account had obviously been kept active deliberately, as it was used for utilities,
Like nearly all the big ransomware families, Nefilim replaces the original files with encrypted copies, making recovery difficult without either a decryption key or a recent backup.
The latest victim of the attack was compromised through the exploitation of vulnerable versions of Citrix software, after which the actors gained access to the domain key or the domain admin account using Mimikatz. Ransomware is the final payload in a longer attack. Identifying intruders and restricting their access is a must.
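The account in this incident stayed enabled because services depended on it, so a plain dormancy check would not have flagged it. The following is an added example, not code from the incident report: it baselines where a departed owner's account logged on before the departure and alerts only on deviations afterwards. The account names, hosts, dates and the `DEPARTED` roster are constructed assumptions; the logon type numbers are those of Windows Security event 4624.

```python
from datetime import datetime

# Windows Security event 4624 logon types that indicate hands-on access.
INTERACTIVE_TYPES = {2, 10}  # 2 = Interactive, 10 = RemoteInteractive (RDP)

# Constructed sample data, not taken from the incident report.
DEPARTED = {"j.doe": datetime(2020, 10, 1)}  # account -> date the owner left
EVENTS = [  # (timestamp, account, source_host, logon_type)
    (datetime(2020, 9, 20, 2, 0), "j.doe", "APP01", 5),     # service logon, baseline
    (datetime(2020, 11, 15, 2, 0), "j.doe", "APP01", 5),    # expected service logon
    (datetime(2021, 1, 3, 23, 41), "j.doe", "WS-117", 10),  # RDP from unknown host
    (datetime(2021, 1, 4, 0, 5), "j.doe", "APP01", 10),     # RDP on a known host
    (datetime(2021, 1, 4, 9, 0), "a.smith", "WS-020", 2),   # active employee
]

def flag_ghost_logons(events, departed):
    """Return alerts for logons by accounts whose owner has left.

    An account kept alive for services is expected to keep producing
    service logons from its usual hosts, so only deviations are flagged:
    interactive logon types, or a source host never seen before departure.
    """
    known_hosts = {}  # account -> hosts seen up to the departure date
    alerts = []
    for ts, account, host, logon_type in sorted(events):
        left = departed.get(account)
        if left is None or ts <= left:
            # Owner still present at this time: extend the baseline only.
            known_hosts.setdefault(account, set()).add(host)
            continue
        reasons = []
        if logon_type in INTERACTIVE_TYPES:
            reasons.append("interactive logon after owner departure")
        if host not in known_hosts.get(account, set()):
            reasons.append("new source host")
        if reasons:
            alerts.append((ts, account, host, reasons))
    return alerts

if __name__ == "__main__":
    for ts, account, host, reasons in flag_ghost_logons(EVENTS, DEPARTED):
        print(ts.isoformat(), account, host, "; ".join(reasons))
```

The routine service logon on APP01 after the departure date produces no alert, while both RDP sessions do.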