Zscaler ThreatLabz has been tracking the Nokoyawa ransomware family and its predecessors including Karma and Nemty ransomware. The original version of Nokoyawa ransomware was introduced in February 2022 and written in the C programming language. File encryption utilized asymmetric Elliptic Curve Cryptography (ECC) with Curve SECT233R1 (a.k.a. NIST B-233) using the Tiny-ECDH open source library combined with a per file Salsa20 symmetric key. In September 2022, a Rust-based version of Nokoyawa ransomware was released. This new version used Salsa20 for symmetric encryption, but the ECC algorithm was replaced with Curve25519. In December 2022, Nevada ransomware was advertised in criminal forums. ThreatLabz has determined that Nevada shares significant code with the Rust-based variant of Nokoyawa.
REFERENCE: https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokayawa-variant
TAGS: Nokoyawa, Nevada Ransomware
MALWARE FAMILIES: Nevada Ransomware, Win64.Ransom.NOKOYAWA
ATT&CK ID: T1471 - Data Encrypted for Impact
Read More:
Comments