Investigation into a Nefilim Attack Shows Signs of Lateral Movement, Possible Data Exfiltration

Trend Micro’s Managed XDR (MxDR) and Incident Response (IR) teams recently investigated an incident involving a company that was hit by the Nefilim ransomware, which was initially discovered in March 2020. What makes Nefilim especially devious is that the threat actors behind the attack threaten to release the victim’s stolen data on an online leak site.

This represents a double whammy for the company—besides the threat of losing its data, it is also at risk of having that data published online. Even if the organization pays the ransom and gets its data restored, the threat actors behind the attack will still have access to it. This kind of scheme isn’t unique; it has also been observed with other ransomware such as Sodinokibi and DoppelPaymer.

Source: Trend Micro