As iTWire reported on Thursday, the listing had been removed, something that normally happens when a victim pays whatever ransom has been demanded or else is negotiating with the attackers.
But a security source said it now looked like the first listing had been done to push the company into paying up.
Now after waiting a while and realising that this was not going to happen, the attackers had again listed Nexia, the source added. The attackers have said on the site that they would soon release the data that was stolen.
In a statement provided last week, a Nexia spokesperson said: "The matter was swiftly dealt with by our external providers and co-ordinated by our in-house ICT manager and we are advised that there is no evidence of any movement of data/files," the spokesperson said.
"As part of the process passwords were changed, servers were patched and firewalls were geo-locked. Our systems continue to be monitored as per our standing arrangements."