Ransom.NightSky

Short bio

Ransom.NightSky is Malwarebytes' detection name for a family of highly targeted ransomware.

Symptoms

Night Sky will append the .nightsky extension to encrypted file names. On an affected system there will be a ransom note named NightSkyReadMe.hta in each folder.

Night Sky ransom note

Type and source of infection

Ransomware is a category of malware that holds files or systems hostage for ransom. At the moment of writing the initial breach method is unknown, but it is clear that the ransomware program is especially created for every victim.

Aftermath

Like many other ransomware operators Night Sky has also increased pressure on its victims by threatening to publicize exfiltrated data on the dark web.

Protection

block Ransom.NightSky

Malwarebytes blocks Ransom.NightSky

Business remediation

How to remove Ransom.NightSky with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menuNebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found. Ransom.DarkSide Nebula On the Quarantine page you can see which threats were quarantined and restore them if necessary. Nebula Quarantaine All component/technology detections are passed to the remediation engine for complete removal from infected systems. This industry leading technology uses patented techniques in identifying all cohorts or associated files for a single threat and removes them all together to prevent malware from resuscitating itself. If you are using Malwarebytes Ransomware Rollback technology, it allows you to wind back the clock to negate the impact of ransomware by leveraging just-in-time backups.

Related blog content

All about ransomware

How ransomware gangs are connected, sharing resources and tactics

Select your language

New Buy Online Partner Icon Warning Icon Edge icon