VERY IMPORTANT

NightSpire, a ransomware group active since February 2025, employs aggressive tactics and a specialized infrastructure similar to Ransomware-as-a-Service models. They operate a Dedicated Leak Site, posting victim information and countdown timers for data release. The group uses threatening language and offers various communication channels for negotiations. NightSpire targets diverse industries across multiple countries, utilizing a double-extortion strategy. Their ransomware encrypts files using block or full encryption methods, with specific extensions encrypted in 1MB blocks for efficiency. Encrypted files receive a .nspire extension, and a ransom note is created in each affected folder. The ransomware's structure includes an AES symmetric key encrypted with an RSA public key at the end of each infected file.