BleepingComputer cybersecurity experts: Threat actors exploit CVE-2021-20038 to execute code as the 'nobody' user in compromised appliances.
Night Sky has started hitting companies worldwide. The new ransomware group was spotted by the cybersecurity expert MalwareHunterTeam. As usual, it uses the double extortion scheme.
Night Sky is a new ransomware group that has started hitting companies worldwide. It was first spotted by the cybersecurity expert MalwareHunterTeam. Since December 27th, when the “support chat” was officially set up, the cybercrime gang has already compromised two victims. The scheme is the same as that of many malware actors: double extortion. If the target doesn’t pay, its data is published on the gang’s leak website. Once on the user’s computer, the ransomware encrypts all files and appends the .nightsky extension, except for those ending in .dll or .exe. Furthermore, a ransom note named NightSkyReadMe.hta is placed in each folder; it contains information about the stolen data, contact emails, and hardcoded credentials (given by the threat actors) for the victim’s negotiation page.
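For incident scoping, the file-system artefacts described above (the .nightsky extension, the NightSkyReadMe.hta note in each folder, and the .dll/.exe exclusion) can be turned into a per-directory triage pass. The following is an added example, not code from the original article or from MalwareHunterTeam; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article text above.
NOTE_NAME = "nightskyreadme.hta"  # matched case-insensitively
ENC_EXT = ".nightsky"
SKIPPED_EXTS = {".dll", ".exe"}  # left unencrypted, per the article


def triage(root):
    """Map each affected directory under root to its Night Sky artefacts."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        note, encrypted, untouched = False, [], []
        for name in sorted(files):
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            if lower == NOTE_NAME:
                note = True
            elif ext == ENC_EXT:
                encrypted.append(name)
            elif ext not in SKIPPED_EXTS:
                untouched.append(name)  # data file without the suffix
        if note or encrypted:  # report only directories showing an indicator
            report[os.path.relpath(dirpath, root)] = {
                "note": note, "encrypted": encrypted, "untouched": untouched}
    return report


def build_sample_tree(root):
    """Constructed sample layout, not data from a real incident."""
    layout = {
        "finance": ["q4.xlsx.nightsky", "NightSkyReadMe.hta", "viewer.exe"],
        "hr": ["staff.docx.nightsky", "plan.pdf", "NightSkyReadMe.hta"],
        "tools": ["helper.dll", "setup.exe"],
        "staging": ["NightSkyReadMe.hta"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, entry in sorted(triage(tmp).items()):
            print(folder, entry["note"], len(entry["encrypted"]), entry["untouched"])
```

A directory that holds a note and encrypted files but also lists entries under `untouched` is worth a closer look, since those files may still be recoverable without a backup.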