The operator behind the Nemty ransomware has announced that the group will no longer be running as a service for other criminals, choosing instead to go private. This means that the group will use the Nemty ransomware to encrypt files of victim companies that they have compromised, attempting to extort ransom payments directly from the victims. Nemty was discovered by researchers last summer, with some versions of the ransomware being decryptable without paying to obtain the encryption key, due to mistakes made by the malware author. In their closing post, the operator also announced that victims will have one week to pay the ransom and receive software and the key needed to decrypt files. No encryption keys will be kept after the transition.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in