
Knight Ransomware: A Growing Concern!


A new ransomware group called Knight targets Windows computers, stealing sensitive data from organisations in industries such as retail and healthcare, including dentist offices, clinics, and hospitals. The United States is the most affected nation, according to Fortinet. Knight ransomware encrypts files and steals data for double extortion. Encrypted files get a “.knight_l” extension, and victims receive a ransom note titled “How To Restore Your Files.txt.” The group demands high ransoms, but no Bitcoin transactions have been documented yet. Victims can contact the group through a TOR website. The group shares stolen data on another TOR site and has used platforms like Mega, Gofile, and UploadNow for data disclosure.

Because an infection can cause significant disruption and damage to operations and reputation, and can lead to the release of personal information, it is recommended to keep antivirus and intrusion prevention system (IPS) signatures updated. The FBI offers a Ransomware Complaint website where both individuals and affected organisations can report ransomware activity by submitting screenshots through its Internet Crime Complaint Center (IC3).

What kind of malware is Knight?

Knight ransomware, a rebrand of Cyclops, falls under the category of file-encrypting malware. This malicious software encrypts files on infected systems and demands a ransom for the decryption key. When tested, the Knight ransomware encrypted files by adding a “.knight_l” extension to their names. For instance, a file named “1.jpg” would become “1.jpg.knight_l” after encryption. Additionally, the ransomware placed a ransom note called “How To Restore Your Files.txt” in each folder containing encrypted files.

The group responsible for Knight operates it as Ransomware-as-a-Service. They also provide malware that can steal information. This indicates the possibility of a double-extortion strategy, where the ransomware not only encrypts files but also threatens to expose stolen data. The variant examined during our analysis made reference to such tactics.
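The file-system behaviour described above (the “.knight_l” suffix plus a “How To Restore Your Files.txt” note in each affected folder) can be turned into a triage scan for incident response. The Python script below is an added example, not code from the original article or from Fortinet; the function names and the "high"/"review" labels are assumptions made for illustration.

```python
import os
from pathlib import Path

# Indicators taken from the article above.
ENCRYPTED_SUFFIX = ".knight_l"
RANSOM_NOTE = "How To Restore Your Files.txt"


def original_name(name: str) -> str:
    """Recover the pre-encryption file name, e.g. '1.jpg.knight_l' -> '1.jpg'."""
    if name.lower().endswith(ENCRYPTED_SUFFIX):
        return name[: -len(ENCRYPTED_SUFFIX)]
    return name


def scan_tree(root):
    """Walk root and return {folder: {"note": bool, "encrypted": [names]}}
    for every folder that holds at least one indicator."""
    findings = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda e: None):
        # Windows file names are case-insensitive, so compare lowercased.
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        note = any(f.lower() == RANSOM_NOTE.lower() for f in files)
        if encrypted or note:
            findings[str(Path(folder))] = {"note": note, "encrypted": encrypted}
    return findings


def confidence(entry) -> str:
    """Both indicators in one folder match the behaviour described above;
    a lone note or a lone suffix match needs a manual look (assumed labels)."""
    if entry["note"] and entry["encrypted"]:
        return "high"
    return "review"


def report(root):
    """Return sorted (folder, confidence, encrypted_count) rows for triage."""
    rows = [(folder, confidence(e), len(e["encrypted"]))
            for folder, e in scan_tree(root).items()]
    return sorted(rows)


if __name__ == "__main__":
    import sys
    for folder, level, count in report(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{level:6} {count:5} encrypted  {folder}")
```

Run it read-only against a mounted image or a share to map which folders were hit; `original_name` gives the file names to look for in backups.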
