Nemty ransomware gang shuts down public RaaS operation, focuses on targeted attacks

 


Operators behind Nemty ransomware are closing down their public Ransomware-as-a-Service (RaaS) operation and switching to a private operation instead.

Nemty follows the classic Ransomware-as-a-Service business model and has been in operation since the summer of 2019. Users who signed up to the service got access to a web portal where they could create their own version of Nemty ransomware and choose their own method of distribution, such as email spam, exploit kits, or brute-forcing RDP endpoints.

Once distributors received a ransom payment, they got to keep 70% of the amount, while the remaining 30% went to the RaaS operators.

In a recent announcement on a Russian hacker forum, the Nemty operator said they were closing their RaaS operation to the public and "going private." Victims have been given a week to pay for decryptors before all servers are shut down.

Not long after the announcement was made, the Nemty gang shut down its "leak site," a portal where it published files belonging to companies that refused to pay ransom demands.

According to Bleeping Computer, earlier this month the crew announced that they had completely rewritten the ransomware and released it as "Nemty Revenue 3.1", which would likely be used in Nemty's more exclusive private operation.

