Cybernews reports that Windows systems have been targeted by Nnice, a new ransomware strain with innovative encryption and detection bypass capabilities that has been proliferating across several dark web hacking sites.
According to an investigation by the CYFIRMA Research and Advisory team, initial compromise with Nnice ransomware enables the exfiltration of credentials, web session cookies, and emails, along with the identification of security software. It also enables the escalation of privileges, the attainment of boot-level persistence, and the encryption of files with the ".xdddd" extension. Nnice ransomware also conducts process injection and DLL sideloading, and it finishes its attacks with a ransom note detailing file recovery instructions and a new wallpaper noting the encryption of all files within the impacted system. CYFIRMA researchers noted that this development warrants the adoption of robust encryption and security protocols across cloud and local environments.