Knight Ransomware Attacking Windows Computers to Exfiltrate Sensitive Data
Knight ransomware, a relatively new ransomware gang that first appeared in August 2023, targets Windows computers to steal sensitive data.
The Knight ransomware group has attacked several industry sectors, including retail and healthcare organizations such as dentist offices, physicians’ clinics, and hospitals.
According to Fortinet’s classification of victim organizations by nation, the United States leads by a wide margin.
Specifics of Knight Ransomware
The group uses double extortion, in which the Knight ransomware encrypts files on victims’ computers and then steals data to carry out its extortion goal.
Once a network has been infiltrated and data has been exfiltrated, the Knight ransomware appends a “.knight_l” file extension to the files it encrypts. It then leaves a ransom note titled “How To Restore Your Files.txt.”
The Knight ransomware targets businesses, which is why the ransom amount is set so high. The Bitcoin wallet in this ransom note has no documented transactions.
Victims may contact the threat actor via a TOR website owned by the Knight ransomware gang. The site also carries a list of victims and stolen data.
This group has also exploited several openly accessible file-sharing platforms, including Mega, Gofile, and UploadNow, and utilizes another TOR site to reveal stolen content.
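The two file-system indicators named above (the “.knight_l” extension and the “How To Restore Your Files.txt” note) can be swept for during triage. The following is an added example, not code from Fortinet or the original article; the function names and the sample tree are constructed, and it assumes the ransomware did not reset file timestamps when it reports the earliest encrypted file.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article text.
ENCRYPTED_EXT = ".knight_l"
RANSOM_NOTE = "how to restore your files.txt"

def scan_tree(root):
    """Group Knight indicators by directory under root.
    Returns {dir: {"encrypted": [names], "note": bool, "earliest": mtime or None}}."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False, "earliest": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE:
                hits[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                entry = hits[dirpath]
                entry["encrypted"].append(name)
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # file vanished or unreadable; keep the name only
                if entry["earliest"] is None or mtime < entry["earliest"]:
                    entry["earliest"] = mtime
    return dict(hits)

def earliest_encryption(hits):
    """Earliest mtime over all encrypted files: approximate start of encryption
    (assumption: timestamps were not tampered with)."""
    times = [h["earliest"] for h in hits.values() if h["earliest"] is not None]
    return min(times) if times else None

if __name__ == "__main__":
    # Constructed sample tree so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "finance"))
        for rel in ("finance/q3.xlsx.knight_l",
                    "finance/How To Restore Your Files.txt", "readme.md"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        found = scan_tree(root)
        for d, h in sorted(found.items()):
            print(d, len(h["encrypted"]), "encrypted, note present:", h["note"])
        print("earliest encrypted mtime (epoch):", earliest_encryption(found))
```

Directories that contain a note but no encrypted files, or the reverse, are still reported, which helps show where encryption was interrupted.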
Recommendation
“Due to the ease of disruption, damage to daily operations, the potential impact on an organization’s reputation, and the unwanted destruction or release of personally identifiable information (PII), etc., it is vital to keep all AV and IPS signatures up to date,” the company recommends.
The FBI has a Ransomware Complaint website where victims may submit screenshots of ransomware activity through its Internet Crime Complaint Center (IC3). This portal is available to both individuals and organizations affected by ransomware.