A new financially motivated threat, Nitrogen Ransomware, has rapidly emerged targeting the financial sector and beyond. While traces of this financially motivated ransomware date back to July 2023, security experts primarily track its organized campaigns from September 2024.

Once executed, the ransomware begins its encryption routine while employing sophisticated anti-analysis methods, including debugger detection, virtual machine detection, and code obfuscation techniques. Nitrogen exploits the legitimate driver “truesight.sys” from RogueKiller AntiRootkit to terminate security processes and bypass endpoint detection and response (EDR) systems. A ransom note named “readme.txt” is dropped on the desktop, demanding payment and threatening to publish stolen data unless victims contact the attackers through the qTox messaging service.

Researchers have noted similarities between Nitrogen and another ransomware strain called LukaLocker based on TTPs, including identical file extensions (.NBA) for encrypted files and similar ransom note templates. The SonicWall Capture Labs threats research team confirmed that the “Volcano Demon” group distributes the LukaLocker variant and kills numerous processes before beginning encryption.

Security experts recommend that organizations implement comprehensive endpoint protection solutions, maintain offline backups, keep systems updated, deploy multi-factor authentication, and provide regular security awareness training to employees. As financial sector cyberattacks continue to evolve with greater sophistication, proactive threat intelligence and robust security measures remain critical to protecting sensitive financial data and operations from emerging threats like Nitrogen ransomware.
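The three host-level indicators named above (a load of “truesight.sys”, files created with the .NBA extension, and “readme.txt” on a desktop) are individually weak, since the driver is legitimate and the note's filename is common. The following added example, which is not from the original article, correlates them per host; the event schema, host names, paths and the 600-second window are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not from a real incident). Field names are
# assumptions for this example, not a specific EDR or Sysmon schema.
EVENTS = [
    {"host": "fin-ws01", "ts": 100, "type": "driver_load", "path": r"C:\Users\Public\truesight.sys"},
    {"host": "fin-ws01", "ts": 160, "type": "file_create", "path": r"C:\Finance\q1.xlsx.NBA"},
    {"host": "fin-ws01", "ts": 161, "type": "file_create", "path": r"C:\Finance\q2.xlsx.NBA"},
    {"host": "fin-ws01", "ts": 170, "type": "file_create", "path": r"C:\Users\amy\Desktop\readme.txt"},
    {"host": "dev-ws07", "ts": 200, "type": "file_create", "path": r"C:\Users\bob\Desktop\readme.txt"},
    {"host": "lab-ws03", "ts": 300, "type": "driver_load", "path": r"C:\Tools\RogueKiller\truesight.sys"},
]

def classify(event):
    """Map one event to the indicator it matches, or None."""
    path = event["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    if event["type"] == "driver_load" and name == "truesight.sys":
        return "driver"
    if event["type"] == "file_create" and name.endswith(".nba"):
        return "encrypted_ext"
    if event["type"] == "file_create" and name == "readme.txt" and "\\desktop\\" in path:
        return "ransom_note"
    return None

def triage(events, window=600):
    """Return {host: severity}. A lone indicator only warrants review; the driver
    load followed within `window` seconds by .NBA files or the note is high."""
    seen = defaultdict(dict)  # host -> indicator -> first timestamp
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = classify(ev)
        if kind:
            seen[ev["host"]].setdefault(kind, ev["ts"])
    result = {}
    for host, hits in seen.items():
        followups = [t for k, t in hits.items() if k != "driver"]
        if "driver" in hits and any(0 <= t - hits["driver"] <= window for t in followups):
            result[host] = "high"
        elif {"encrypted_ext", "ransom_note"} <= set(hits):
            result[host] = "high"
        else:
            result[host] = "review"
    return result

if __name__ == "__main__":
    for host, severity in triage(EVENTS).items():
        print(host, severity)
```

A host running RogueKiller legitimately (lab-ws03 in the sample) lands in "review" rather than "high", which keeps the driver load from paging on its own.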
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 12 May 2025 17:05:16 +0000