Night Sky, a new type of ransomware targeting businesses

2022.01.15
Security researchers have warned that a new type of ransomware called "Night Sky" is on the rise again, targeting corporate networks and stealing data in double-extortion attacks. The ransomware family was first discovered by security researchers from MalwareHunterTeam. After encrypting files, the ransomware appends a ".nightsky" extension to the encrypted filenames.

The ransomware gang started operations on December 27, 2021, and has breached the corporate networks of two organizations, one in Bangladesh and one in Japan. The gang also set up a leak site on the Tor network, where it exposes or sells the files and data of victims who do not pay the ransom.



The ransomware group demanded a ransom of $800,000 from one of its victims to recover encrypted data. Security researchers noticed that Night Sky ransomware does not encrypt .dll or .exe files, nor does it encrypt the following list of files or folders:



After the attack, the ransomware drops a ransom note named NightSkyReadMe.hta in each folder. The note contains a contact email address, hardcoded credentials for the victim negotiation page, and Rocket.Chat login credentials for contacting the gang.

Experts point out that the ransomware gang communicated with victims via email and a Rocket.Chat instance. Other businesses are expected to be targeted by Night Sky ransomware attacks over the next few months, so the operation should be kept in view.
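A triage sketch built on the indicators described above (the ".nightsky" extension, the NightSkyReadMe.hta note dropped in each folder, and .dll/.exe files left alone), reporting per folder how far encryption got. This is an added example, not code from the original article or the researchers; the function names and the sample folder and file names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article; matching is case-insensitive.
ENCRYPTED_EXT = ".nightsky"
NOTE_NAME = "nightskyreadme.hta"
SKIPPED_EXTS = {".dll", ".exe"}  # reported as left unencrypted


def triage(root):
    """Walk root and return {relative_dir: stats} for each directory showing an indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        stats = {"note": False, "encrypted": 0, "untouched": 0}
        for name in files:
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            if lower == NOTE_NAME:
                stats["note"] = True
            elif ext == ENCRYPTED_EXT:
                stats["encrypted"] += 1
            elif ext not in SKIPPED_EXTS:
                # Not .dll/.exe and not renamed: either covered by the exclusion
                # list the article does not reproduce, or encryption did not finish.
                stats["untouched"] += 1
        if stats["note"] or stats["encrypted"]:
            findings[os.path.relpath(dirpath, root)] = stats
    return findings


def build_sample(root):
    """Create a constructed directory tree of empty files to exercise triage()."""
    layout = {
        "finance": ["q4.xlsx.nightsky", "payroll.db.nightsky", "NightSkyReadMe.hta", "viewer.exe"],
        "hr": ["roster.docx.nightsky", "new_hire.pdf"],
        "tools": ["helper.dll", "setup.exe"],
    }
    for folder, names in layout.items():
        Path(root, folder).mkdir(parents=True)
        for name in names:
            Path(root, folder, name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, stats in sorted(triage(tmp).items()):
            print(folder, stats)
```

A folder with encrypted files but no note, or with files still untouched, suggests encryption was interrupted there and is a good place to start recovery and evidence collection.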

Reference source: https://securityaffairs.co/wordpress/126400/malware/night-sky-ransomware-operation.html

【Editor in charge: Zhao Ningning TEL: (010) 68476606】