Breaking

Night Sky Ransomware is attacking corporate networks for 800K ransom

The new year comes with a new ransomware variant called Night Sky, targeting corporate networks and stealing information in double-extortion attacks.

The discovery of Night Sky ransomware was first made by MalwareHunterteam on Dec 27th when two victims were affected by the ransomware variant. The ransom demand was $800,000for the decryptor and not publishing the encrypted data.

Modus Operandi of Night Sky Ransomware

Night Sky ransomware comes with a hardcoded credentials to breach the victim’s negotiation page and deliver a customized ransom note. The ransomware will encrypt your data except the .dll and .exe files. Once the files are encrypted the encrypted files will have a extension .nightsky as the shown in the image.

Within folders a ransom note with file name NightSkyReadme.hta is available, and this file will have the details of the data that is stolen including emails, credentials, etc. The ransomware uses email and web site with Rocket to communicate with the victims.

Also, the ransom note comes with credentials which should be used to login with the Rocket.Chat URL.

Night Sky ransomware employs double-extortion

Like any other ransomware operations Night Sky ransomware also encrypts as well as steals the victim’s data for further leverage. The double-extortion strategy is used to threaten victims to make ransom payments, as leakage of data could be more devastating than just encryption.

The leakage of data is done via the data like site in Tor which already has the two victims from the December breach. These two victims were from Japan and Bangladesh. The recent ransomware attack was from AvosLocker Ransomware Operators on December 30th attacking the US police department, and Night Sky ransomware is the first ransomware threat of 2022 that security professionals and enterprises need to keep an eye on.

While there has not been a lot of activity with the new Night Sky ransomware operation, it is one that we need to keep an eye on as we head into the new year.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.

Share the article with your friends
John Greenwood

He has been working with Cybersec and Infosec market for 12+ years now. Passionate about AI, Cybersecurity, Info security, Blockchain and Machine Learning. When he is not occupied with cybersecurity, he likes to go on bike rides!

Recent Posts

Recast Software: Advanced Endpoint Management and Security Tools for IT Teams

Recast Software offers a suite of tools designed to enhance and simplify endpoint management in…

4 months ago

Patch My PC: Streamlined Software Management for ConfigMgr and Intune

Patch My PC is a widely-used solution that simplifies third-party application management by automating app…

4 months ago

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

4 months ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

5 months ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

6 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

6 months ago