An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month without being noticed.
A Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unmonitored account belonging to an employee who had died three months previously, researchers said.
Nefilim (a.k.a. Nemty) is a ransomware strain that emerged in 2020, with its operators adopting the tactic that researchers call double extortion. In other words, Nefilim threatens to release victims’ data to the public if they fail to pay the ransom; it has its own leaks site called Corporate Leaks, which resides on a Tor node. Most famously, it attacked Australian transportation giant Toll Group early last year.