New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada

May 21, 2025, 9:54 p.m.

Description

Nitrogen, a new ransomware strain identified in September 2024, has become a significant threat to organizations worldwide, particularly in the financial sector. It encrypts critical data and demands substantial payments for decryption, targeting industries such as finance, construction, manufacturing, and technology in the United States, Canada, and the United Kingdom. The ransomware's attack chain begins with malvertising campaigns on search engines, tricking users into downloading trojanized installers. It uses tools like Cobalt Strike and Meterpreter shells to establish persistence and move laterally within networks. Notable victims include SRP Federal Credit Union, Red Barrels, Control Panels USA, and Kilgore Industries. Nitrogen employs sophisticated tactics, including system reconnaissance, advanced evasion techniques, and exploitation of vulnerable drivers to disable security tools.

Date

  • Created: May 20, 2025, 7:27 p.m.
  • Published: May 20, 2025, 7:27 p.m.
  • Modified: May 21, 2025, 9:54 p.m.

Indicators

  • 55f3725ebe01ea19ca14ab14d747a6975f9a6064ca71345219a14c47c18c88be
  • bfc2ef3b404294fe2fa05a8b71c7f786b58519175b7202a69fe30f45e607ff1c

Attack Patterns

Additional Information

  • Finance
  • Canada
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America