Subscribe

Night Sky Ransomware Targets Corporate Networks

January 7, 2022

MalwareHunterTeam has discovered a new ransomware called Night Sky, which targets companies and steals data in double extortion attacks.

When Night Sky ransomware is started, it encrypts all files except those ending with the .dll or .exe file extensions. When encrypting files, Night Sky will append the .nightsky extension to encrypted file names.

In each folder, which contains the . nightsky extension, a ransom note named NightSkyReadMe.hta contains details about what was stolen, contact emails and hardcoded credentials to the victim’s negotiation page.

Night Sky uses email addresses and a clear website running Rocket.Chat to communicate with victims.

The Tor data leak site, created by Night Sky to leak victim data, currently contains two victims: one victim is from Bangladesh and the other from Japan.

One of the victims was ordered to pay a ransom of $800,000 to obtain both a decryptor and stolen data, which was not made public.

For more information, read the original story in BleepingComputer.

Top Stories

How can project sponsors help projects succeed?

AI pioneer Yann LeCun calls Elon Musk’s xAI a ‘failure’

Microsoft sued by shareholders over Azure growth and AI spending

SpaceX shares fall 20% from peak following $60 billion cursor acquisition

Snap unveils first consumer AR glasses priced at more than $2,000

Key U.S. data center law faces expiration with no replacement in sight

Related Articles

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

New ‘HTTP/2 Bomb’ attack can crash major web servers from a single computer

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

CISA exposed internal passwords and cloud keys in public repository

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

Canvas restores service after cyberattack disrupted schools and universities

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn