A recently emerged ransomware gang, Knight ransomware, has been actively attacking Windows computers since August 2023, focusing on stealing sensitive data. Various sectors, including retail and healthcare, have fallen victim to Knight ransomware to date, impacting organizations like dental offices, medical clinics, and hospitals.
According to Fortinet, attacks have affected businesses in the United States more than in any other nation.
Key Details on Knight Ransomware:
This group employs a double extortion tactic, encrypting victim files and exfiltrating data to support their extortion efforts. Encrypted files receive a “.knight_l” extension, accompanied by a ransom note titled “How To Restore Your Files.txt.”
Targeting businesses, Knight ransomware sets a high ransom amount. Notably, the Bitcoin wallet in their ransom note shows no documented transactions.
Victims can communicate with the threat actor through a TOR website owned by the gang, featuring a list of victims and exposed data. The group exploits file-sharing platforms like Mega, Gofile, and UploadNow, utilizing another TOR site to disclose stolen content.
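The two file-system artifacts named above (the ".knight_l" extension and the "How To Restore Your Files.txt" note) can be used to scope an affected host or file share. The following triage script is an added example, not code from Fortinet or the original article; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_EXT = ".knight_l"                    # extension given in the article
RANSOM_NOTE = "how to restore your files.txt"  # note title from the article, lowercased

def scan_tree(root):
    """Summarise Knight artifacts per directory under root."""
    hits = defaultdict(lambda: {"encrypted": 0, "other": 0, "note": False})
    earliest = None  # oldest mtime among encrypted files: rough hint of when encryption began
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, entry = name.lower(), hits[dirpath]  # match case-insensitively
            if lower == RANSOM_NOTE:
                entry["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                entry["encrypted"] += 1
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # unreadable or removed mid-scan; keep going
                earliest = mtime if earliest is None else min(earliest, mtime)
            else:
                entry["other"] += 1
    affected = {d: e for d, e in hits.items() if e["encrypted"] or e["note"]}
    return affected, earliest

def build_sample(root):
    """Constructed sample tree (not real victim data): one hit directory, one clean."""
    layout = {
        "finance": ["q3.xlsx.knight_l", "payroll.docx.knight_l", "How To Restore Your Files.txt"],
        "public": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        affected, earliest = scan_tree(tmp)
        for path, e in sorted(affected.items()):
            print(f"{path}: encrypted={e['encrypted']} note={e['note']} untouched={e['other']}")
        if earliest is not None:
            print("earliest encrypted mtime:", datetime.fromtimestamp(earliest, timezone.utc).isoformat())
```

Point `scan_tree` at a mounted share or a read-only forensic image rather than a live, still-encrypting system; directories with a note but a nonzero untouched count indicate encryption that was interrupted partway.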
Recommendation:
Given the potential disruptions, damage to daily operations, and risks to an organization’s reputation, it’s crucial to have updated endpoint security and IPS controls in place to protect against this type of attack.
For those affected, the FBI provides a Ransomware Complaint website to submit screenshots of ransomware activity through the Internet Crime Complaint Center (IC3). This resource is open to individuals and organizations impacted by ransomware.