As the New Year begins, a new ransomware called ‘Night Sky’ has emerged. Night Sky targets corporate networks and steals data in double-extortion attacks.
The MalwareHunterTeam, who were the first to spot the new malware, said the malware operation was started on December 27th and has since published the data of two victims.
One of the victims was contacted with an initial ransom demand of $800,000 for a decryption key and for stolen data not to be made public.
According to BleepingComputer, once the ransomware successfully gains access to a victim’s computer, Night Sky encrypts all files except those ending with the .dll or .exe file extensions and some necessary Windows, browser and similar files; the malware also appends the .nightsky extension to encrypted file names.
In each folder there is a ransom note named NightSkyReadMe.hta, which has information about the stolen data, contact emails, and hard-coded login info for the victim’s negotiation page.
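The two file-system indicators described above (the appended .nightsky extension and a NightSkyReadMe.hta note in each folder) are enough for a first-pass triage of a file share. The following Python sketch is an added example, not code from the original article or from BleepingComputer; the function names and the sample directory layout are constructed for illustration.

```python
import os
from collections import namedtuple

ENCRYPTED_EXT = ".nightsky"        # extension reported in the article
NOTE_NAME = "nightskyreadme.hta"   # ransom note name from the article, lower-cased
SKIPPED_EXTS = {".dll", ".exe"}    # extensions the article says are left unencrypted

DirReport = namedtuple("DirReport", "path encrypted note_present untouched")

def triage(root):
    """Return a DirReport for every directory under root showing either indicator."""
    reports = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        encrypted, untouched, note = [], [], False
        for name in files:
            lower = name.lower()   # Windows file names are case-insensitive
            ext = os.path.splitext(lower)[1]
            if lower == NOTE_NAME:
                note = True
            elif ext == ENCRYPTED_EXT:
                encrypted.append(name)
            elif ext not in SKIPPED_EXTS:
                # Hint only: other skipped system files would also land here.
                untouched.append(name)
        if note or encrypted:
            reports.append(DirReport(dirpath, sorted(encrypted), note, sorted(untouched)))
    return reports

def original_name(encrypted_name):
    """Strip the appended extension to recover the pre-encryption file name."""
    return encrypted_name[: -len(ENCRYPTED_EXT)]

def build_sample_tree(base):
    """Constructed sample data: empty files laid out as the article describes."""
    layout = {
        "finance": ["q4.xlsx.nightsky", "NightSkyReadMe.hta", "tool.exe"],
        "hr": ["staff.docx.NIGHTSKY", "NightSkyReadMe.hta", "notes.txt"],
        "clean": ["readme.txt", "lib.dll"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder), exist_ok=True)
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for r in triage(tmp):
            state = "partially encrypted" if r.untouched else "fully encrypted"
            print(f"{r.path}: {len(r.encrypted)} encrypted, note={r.note_present}, {state}")
```

Directories that contain the note but still hold unencrypted non-.dll/.exe files may indicate encryption that was interrupted, which helps scope what needs restoring from backup.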
To leak victims’ data, Night Sky has created a Tor data leak site that currently includes two victims, one from Bangladesh and another from Japan.
While there has not been a lot of activity with the new Night Sky ransomware operation, it is one that we should be vigilant about as we go into the new year.