Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
NightSpire Ransomware Exploits RDP for Covert Operations

NightSpire Ransomware Exploits RDP for Covert Operations

Posted on May 26, 2026 By CWS

A new ransomware, NightSpire, is creating significant disruptions across various sectors worldwide. First identified in early 2025, it has impacted industries ranging from healthcare to government institutions. What distinguishes NightSpire is its stealthy operation, effectively infiltrating systems before encrypting critical data.

Ransomware Tactics and Global Impact

NightSpire employs a dual extortion strategy, initially stealing sensitive information from victims before encrypting their data. If the ransom is not paid, the attackers threaten to release the stolen data on the dark web. Between March and June 2025, NightSpire targeted 64 organizations in 33 countries, with the United States being the most affected, followed by Turkey, Hong Kong, and several others.

Analysts from Picus Security have detailed the attack methods, highlighting the use of the Go programming language to create the ransomware’s encryptor. The malware appends a .nspire extension to files and leaves ransom notes in the affected directories. Notably, it also encrypts OneDrive files without changing their extension, increasing the likelihood of users being caught off guard.

Exploiting Trusted Tools for Persistence

The rapid proliferation of NightSpire is concerning, with over 45 victims reported on its leak site within three months. The ransomware has infiltrated sectors such as education, manufacturing, and IT services, indicating a highly organized threat operation. Picus Security emphasizes that NightSpire’s use of legitimate software makes it particularly challenging for defenders to detect.

Initial access is achieved through Remote Desktop Protocol (RDP), a common feature in Windows. Instead of deploying suspicious backdoors, attackers use well-known remote administration tools to maintain access, reducing the likelihood of detection. For instance, Chrome Remote Desktop and AnyDesk were installed on compromised systems, blending seamlessly into normal operations.

Data Exfiltration and Encryption Techniques

Once entrenched, NightSpire’s operators quickly scan for valuable data using the Everything search utility. This tool allows for rapid identification of critical files, which are then compressed into secure archives with 7-Zip. These archives are sent to MEGA cloud storage, masking their activities within regular network traffic.

The ransomware’s encryptor is subsequently activated, locking files with the .nspire extension and distributing ransom notes throughout the system. To mitigate risks, organizations are advised to monitor for unusual remote tool usage, restrict RDP access, and enforce multi-factor authentication.

In conclusion, the NightSpire ransomware exemplifies the evolving tactics of cybercriminals, highlighting the need for robust cybersecurity measures. By simulating potential attack scenarios, organizations can identify vulnerabilities and bolster their defenses against such sophisticated threats.

Cyber Security News Tags:cyber attack, cyber defense, cyber threat, Cybersecurity, data breach, data protection, Encryption, IT security, Malware, network security, NightSpire, Picus Security, Ransomware, RDP, remote access

Post navigation

Previous Post: Iranian APT Intensifies Attacks on Aviation and Software Sectors
Next Post: Hackers Target KnowledgeDeliver Zero-Day Vulnerability

Related Posts

North Korean Hackers Target Pharma Firms with Malware North Korean Hackers Target Pharma Firms with Malware Cyber Security News
North Korean Malware Targets macOS via Fake Zoom SDK Update North Korean Malware Targets macOS via Fake Zoom SDK Update Cyber Security News
CISA Urges Immediate Action on Citrix NetScaler Flaw CISA Urges Immediate Action on Citrix NetScaler Flaw Cyber Security News
Water Gamayun APT Hackers Exploit MSC EvilTwin Vulnerability to Inject Malicious Code Water Gamayun APT Hackers Exploit MSC EvilTwin Vulnerability to Inject Malicious Code Cyber Security News
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems Cyber Security News
Critical WatchGuard Flaws Allow System Control on Windows Critical WatchGuard Flaws Allow System Control on Windows Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Top Unified Threat Management Solutions in 2026
  • Study Reveals Security Flaws in Free Android VPN Apps
  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Top Unified Threat Management Solutions in 2026
  • Study Reveals Security Flaws in Free Android VPN Apps
  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark