Per The Register, cybersecurity experts are advising victims of the Nitrogen ransomware group that paying ransoms is futile due to a critical programming error that prevents data recovery. This advice is particularly relevant for organizations targeted by Nitrogen's malware affecting VMware ESXi systems.Coveware's analysis revealed that Nitrogen's ransomware for VMware ESXi encrypts files using an incorrect public key. This error stems from a flaw where a new variable overwrites part of the public key, making it impossible for the group to decrypt the files, even if a ransom is paid. The corrupted public key was not derived from a private key, meaning no one possesses the correct private key for decryption. Nitrogen, active since 2023 and evolving from code borrowed from the Conti 2 builder, began extorting organizations around September 2024.This significant coding blunder by the Nitrogen group highlights the inherent risks of paying ransoms. It transforms a financially motivated attack into one of pure destruction, leaving both attackers and victims without a positive outcome.Source: The Register
Ransomware
Nitrogen ransomware group’s coding error renders payments futile

An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



