nokoyawa
1 incident
0 countries
1 sector
ransomware RU Latest: 2026-06-25
Nokoyawa is a financially motivated ransomware group that first emerged in February 2022, initially demonstrating code similarities with Nemty and Karma ransomware families and reusing functions from the leaked Babuk source code. While early reports mistakenly associated it with Hive ransomware, later analysis confirmed its distinct lineage. The group sets itself apart by employing a unique Elliptic Curve Cryptography (ECC) routine, specifically SECT233R1 and Curve25519 with Salsa20 for file encryption. In September 2022, Nokoyawa evolved significantly, being rewritten in the Rust programming language as Nokoyawa 2.0, enhancing its encryption capabilities and operational flexibility, notably through a command-line configurable JSON object. The group is known to operate under variants such as Nokoyawa 1.1, Nokoyawa 2.0, and Nevada (Nokoyawa 2.1), and has shown connections with the Snatch ransomware group through shared victims on data leak sites.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Argentina
Australia
Brazil
Canada
China
Cuba
Germany
France
United Kingdom
Indonesia
Sectors attacked
Healthcare (1)
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Software Publishers
Hospitals
Enterprises & Holding
Manufacturing
Construction
Public Administration
Educational Services
New URLs detected in IntelTracker