Warning About NightSpire Ransomware Following Cases of Damage in South Korea

Description

NightSpire, a ransomware group active since February 2025, employs an aggressive strategy and specialized infrastructure similar to Ransomware-as-a-Service models. They operate a Dedicated Leak Site, posting victim information and countdown timers for data release. Using highly threatening language, NightSpire offers various communication channels for negotiations. The group targets corporations across multiple countries and industries, employing a double-extortion strategy of encrypting and leaking data. NightSpire ransomware uses block encryption for specific file types and full encryption for others, adding the .nspire extension to encrypted files. The ransomware inserts the AES symmetric key at the end of encrypted files, further secured by RSA public key encryption.