Nemty ransomware has abandoned its public ransomware-as-a-service (RaaS) model, and will instead become a private operation available only to a handful of carefully selected affiliates.
This was confirmed by one of the ransomware’s operators, Jsworm, on a Russian hacking forum, and spotted by security researcher Vitali Kremez.
According to a Bleeping Computer report, Nemty used to license out its ransomware, receiving 30 percent of the ransom collected. However, it seems a slip-up last year, which allowed Tesorion to craft a decryptor, prompted the criminals to pivot towards a private model.
“We leave in private,” the translated post reads. “Victims have a week to acquire decryptors, then it will be no longer possible. In a week you can close the topic, do not merge the master keys :) (sic)”
This means users infected with older strains of the ransomware have a week (possibly a little less at time of writing) to get hold of decryption keys, or else lose their data for good.
Kremez believes Nemty will become more “exclusive” and draw in more experienced malware distributors, which could be more profitable in the long term. Two weeks ago, the operators announced an entirely rewritten ransomware, dubbed Nemty Revenue 3.1.