Knight ransomware sources are up for sale

KELA researchers report that a member of the Knight ransomware group has listed the source code for the third iteration of their malware on a cybercriminal forum.

Emerging in late July 2023, Knight ransomware, a rebranded version of Cyclops, targets Windows, macOS, and Linux/ESXi systems. It quickly rose to prominence in the cybercriminal community, offering affiliates information stealers and a simplified ransomware variant for targeting smaller entities.

According to Bleeping Computer, KELA analysts spotted a sale listing for the source code on the RAMP hacking forum two days ago, posted by an individual known as Cyclops, associated with the Knight group.

The sources of the Knight ransomware are up for sale

“The Knight 3.0 ransomware source code is up for grabs, including the panel and locker source codes, all of which are proprietary and crafted in Glong C++,” states Cyclops in the post.

While the asking price wasn’t disclosed, Cyclops emphasized that the source code would be sold to a single buyer to maintain Knight’s exclusivity. Preference would be given to reputable buyers with a deposit, with transactions facilitated through an escrow service on either RAMP or the XSS hacking forum.

The third version of Knight, launched on November 5, 2023, boasted a 40% speed increase in encryption, an updated ESXi module, support for the latest hypervisor versions, and several other enhancements.

The sources of the Knight ransomware are up for sale

The motives behind the sale remain a mystery, but KELA’s darknet monitoring has not detected any activity from Knight members since December 2023. Furthermore, the group’s ransomware website is currently offline, with the last victim recorded on February 8th.

KELA speculates that the prolonged inactivity of the Knight ransomware suggests the group may be winding down operations and liquidating its assets.

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment