- Ukraine Police Bust Fraud Scheme - October 15, 2023
- Saudi Man Sentenced for X & YouTube - October 15, 2023
- Pro-Russia Hackers Leak Military Data - October 15, 2023
This week, 24 more victims were disclosed by Nokoyawa Leaks, the Nokoyawa ransomware group’s official messaging channel.
Nokoyawa 2.0, the group’s most recent iteration, uses the extremely fast Rust programming language and features improved file encryption capabilities.
The Nokoyawa ransomware group’s history and tactics are provided below for your information.
Ransomware Group Nokoyawa: History
Built on a 64-bit Windows platform, the Nokoyawa ransomware gang initially appeared in February 2022. Researchers quickly identified Hive ransomware pugmarks on the new competitor.
The Hive ransomware, which attacked over 300 companies over the course of just four months in the second half of 2021, attracted a lot of attention. This evil organization was able to gather significant revenues, maybe in the millions of US dollars.
Researchers from Trend Micro discovered a link between Hive and the less well-known Nokoyawa ransomware organization in March 2022.
The Similarities
A likely connection is suggested by the similarities between the two ransomware families, which range from the tools used to the order in which the assault actions are carried out.
Researchers from Trend Micro have observed that both organizations use Cobalt Strike to establish a footing during the early phase of the attack.
In order to avoid countermeasures, they also rely on legal, often abused technologies like PC Hunter and GMER, which are primarily intended for anti-rootkit scanning.
Ransomware Group Nokoyawa: Features
The virus was first created in C and used Elliptic Curve Cryptography (ECC) with SECT233R1 to attack businesses using asymmetric encryption and files encrypted with a Salsa20 symmetric key.
Nokoyawa 2.0, the revised version, improved the ransomware’s capabilities by introducing runtime flexibility through a command-line configuration option.
Researchers from Zscaler highlighted that Nokoyawa 2.0 has a unique design decision that requires a whole configuration file to be entered via the command line.
According to this strategy, the ransomware has been specifically designed to appeal to a variety of threat actors. These affiliates are probably compensated with ransomware earnings for breaking into businesses and deploying it.