Rebranding ransomware is how dark web hackers belonging to the same hacking communities have been able to keep launching malicious attacks on businesses. Over the years, rebranding has become a common practice among cyber criminals.
However, for better protection against ransomware attacks, cyber security defenders should combine threat intelligence with conventional defenses against the deep web's threat actors. Furthermore, for stronger security measures that effectively minimize vulnerabilities, it is always best practice for Internet users to back up pertinent data and store the backups in strategically different locations.
The latest hacking news involves a report released by cyber security analysts that gives insight into the Night Sky ransomware. The team of researchers has tracked the behavior of the newly released ransomware and published several IoCs as well as countermeasures.
Night Sky’s Dual Attacks
The ransomware dubbed Night Sky got its unique moniker from the way it operates around the clock; in January, security analysts revealed that the ransomware employs a dual extortion line of attack.
A subsequent Vedere Labs study contains further relevant information concerning the Night Sky ransomware operation. It was discovered that in January 2022, during a brief hacking campaign, the hackers targeted victims in Bangladesh and other Asian countries.
It was observed in the form of an executable designed to run on Windows x64, with files that were given names like unknown, wzl6rs0i6[.]dll, and update[.]txt.
Additionally, the report shows that the Night Sky hackers include a link to a webchat platform controlled by the hacking group, through which victims unknowingly communicate with the malicious dark web hackers. Further reports by the cyber analysts stated that the Night Sky ransomware had potentially expanded its reach by exploiting Log4Shell, which helps the malware spread to and infiltrate more devices.
Night Sky Evolves to Pandora
It was also reported that DEV-0401, the designation associated with the Night Sky ransomware, is linked to a cyber criminal group based in China.
Further revelations by the cyber security specialists state that victims who try to avoid paying the hackers' requested ransom risk having their information released on one of the notorious marketplaces on the dark web. However, the website the hackers named is currently unavailable, implying that the threat actors may well have changed their name.
Additional information shows that Night Sky was discovered to be a modified version of the Rook ransomware, which itself originated from Babuk's leaked source code. It was operated by the same hackers who used the AtomSilo and LockFile malware.
Soon after the Night Sky and Rook leak sites were taken down in January, a new group called Pandora emerged. Although this ransomware is quite new, research shows that it uses malicious executables that are still very aggressive and are identified as Rook.