By now, it’s a familiar refrain, ransomware operators publishing documents after pinching them from a vulnerable company – this time the victim was a subsidiary of Germany’s Dussmann Group, a sprawling multiservice provider, and the attacker, Nefilim’s operators.

The ransomware gang pinched files, including AutoCAD drawings, Word documents and accounting docs from refrigerator specialist  Dresdner Kühlanlagenbau GmbH (DKA), according to a BleepingComputer report, which said the Nefilim operators had posted two archives with 14GB of files to their leak site.

“This data-leak scenario with Dussmann Group illustrates the importance of not only protecting access to data but also protecting the data itself,” said Trevor Morgan, product manager at comforte-AG. While protecting access from outsiders is important, “it does not account for the fact that given enough time and persistence, threat actors can penetrate beyond perimeter security into the protected environment,” he said. “Also, it also does not take into consideration “inside jobs” in which threat actors are already on the inside.”

Andrea Carcano,  co-founder of Nozomi Networks, believes the trend of threatening to publish stolen files in “an attempt to gain leverage” will “unfortunately” continue, pointing to findings in the Nozomi OT/IoT Security Report.

“Given that threats are increasing and constantly changing, it’s important to maintain high cyber resiliency and fast response capabilities,” Carcano said. “It’s a daunting task, but not impossible.”

Nefilim emerged last March from the operators of ransomware as a service (RaaS) Nemty, which was shuttered less than a year after it began operating.