Inactive Knight ransomware’s source code being sold on hacking forum

BleepingComputer reports that KELA threat analysts observed the source code for the third iteration of Knight ransomware being offered for sale on RAMP forums by the operation's representative, Cyclops.

According to Cyclops, the Knight 3.0 package includes the source code for both the locker and the panel. Cyclops did not give a price but noted that the package would be sold to only a single buyer, preferably one that provides a deposit. Cyclops also provided TOX and Jabber contact addresses where transactions could be negotiated, the TOX address having been previously linked with Knight ransomware. Unveiled in November, Knight ransomware 3.0 has been touted to feature several improvements over previous iterations, including a 40% gain in encryption speeds and an overhauled ESXi module. However, Knight ransomware may be looking to end operations, as evidenced by its prolonged stagnation, having listed its last victim earlier this month, said KELA researchers.
