
Midnight Ransomware Emerges with Babuk-like Tactics

A new ransomware strain, Midnight, has been discovered by Gen researchers, echoing the tactics of its predecessor, Babuk. Midnight introduces novel cryptographic modifications that inadvertently allow for file recovery. The ransomware typically appends the .Midnight or .endpoint extension to encrypted files and uses ChaCha20 and RSA encryption. Security vendors have released decryption tools to help victims reclaim their data without paying a ransom.

Latest mentioned: 11-07
Earliest mentioned: 11-05

Sources

gendigital.com, hackread.com, gbhackers.com, cybersum.net

Also Read

Silent Lynx Espionage Campaigns Target Diplomatic Events

Seqrite Labs’ APT Team has documented new campaigns from Silent Lynx, a sophisticated threat actor group known for spear-phishing operations targeting diplomatic and governmental employees. The group, also known as YoroTrooper and Sturgeon Phisher, continues its espionage activities with minimal operational security improvements. The latest campaigns, dubbed Operation Peek-A-Baku, focus on monitoring geopolitically sensitive events and targeting entities involved in strategic cooperation agreements and infrastructure projects. The group uses malicious RAR archives and PowerShell-based reverse shells hosted on GitHub repositories to maintain persistence. Researchers believe the group’s primary objective is gathering intelligence related to high-level diplomatic engagements.

11-06