New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada

SUMMARY :

Nitrogen, a new ransomware strain identified in September 2024, has become a significant threat to organizations worldwide, particularly in the financial sector. It encrypts critical data and demands substantial payments for decryption, targeting industries such as finance, construction, manufacturing, and technology in the United States, Canada, and the United Kingdom. The ransomware's attack chain begins with malvertising campaigns on search engines, tricking users into downloading trojanized installers. It uses tools like Cobalt Strike and Meterpreter shells to establish persistence and move laterally within networks. Notable victims include SRP Federal Credit Union, Red Barrels, Control Panels USA, and Kilgore Industries. Nitrogen employs sophisticated tactics, including system reconnaissance, advanced evasion techniques, and exploitation of vulnerable drivers to disable security tools.

OPENCTI LABELS :

cobalt strike,ransomware,data exfiltration,malvertising,nitrogen,meterpreter,vulnerable driver


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada