Corporate networks around the world have been under attack by ransomware called Night Sky. The first activities of this ransomware were identified on December 27, a few days before New Year’s Eve. Like most file lockers that target corporate entities, Night Sky Ransomware also relies on a double extortion attack. This means that it first steals the original copies of the victim’s files and then encrypts them.

Following this, the attackers threaten victims who are unwilling to pay the demanded ransom that the collected data will be sold to competitors or disclosed to the public through a dedicated leak site.

As for Night Sky Ransomware itself, the threat uses an impossible-to-crack encryption algorithm to lock a large number of file types. The only ones that will be left untouched are those with .dll and .exe extensions, as handling them could cause the device’s operating system to malfunction or experience critical errors.

The authors of these threats often use Trojans, emails, fake software updaters, software decryption tools, and unreliable sources for downloading files and programs as ransomware distribution channels. The emails contain malicious links or attachments. Their purpose is to trick recipients into opening malicious files, so it is a good idea to be careful in these environments.

