NightSpire is an emerging ransomware family that uses double extortion, stealing data before encryption and threatening to leak it on a Tor-based site. Between March and June 2025, it hit at least 64 organizations in 33 countries, using tools like Chrome Remote Desktop, AnyDesk, Everything, 7-Zip, and MEGAsync to stay stealthy and exfiltrate data.
Keypoints
- NightSpire steals files before encrypting them and uses a Tor leak site for extortion.
- The ransomware affected at least 64 organizations across 33 countries in early 2025.
- It is a Go-based encryptor that appends the .nspire extension to locked files.
- Attackers used Chrome Remote Desktop and AnyDesk for persistence and stealth.
- They relied on Everything, 7-Zip, and MEGAsync to find, archive, and exfiltrate data.
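
Each tool listed above is legitimate on its own, so the useful signal for a defender is several of them appearing on one host in a short span. The following is an added example, not code from the source report: it correlates process-creation events by host and also flags files with the .nspire extension. The binary names, the 24-hour window, the three-stage threshold and the sample events are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed default binary names for the tools named above (renamed copies will not match).
STAGES = {
    "remote_access": {"anydesk.exe", "remoting_host.exe"},
    "file_discovery": {"everything.exe"},
    "archiving": {"7z.exe", "7zg.exe", "7zfm.exe"},
    "cloud_sync": {"megasync.exe"},
}
WINDOW = timedelta(hours=24)  # assumed correlation window

def stage_of(image_path):
    """Map a process image path to a tool stage, or None if it is not listed."""
    name = image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return next((s for s, names in STAGES.items() if name in names), None)

def correlate(events, min_stages=3):
    """Return {host: stages} where min_stages distinct stages fall inside WINDOW."""
    per_host = defaultdict(list)
    for ts, host, image in events:
        stage = stage_of(image)
        if stage:
            per_host[host].append((datetime.fromisoformat(ts), stage))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= WINDOW}
            if len(seen) >= min_stages:
                alerts[host] = sorted(seen)
                break
    return alerts

def nspire_files(paths):
    """Files carrying the .nspire extension that the encryptor appends."""
    return [p for p in paths if p.lower().endswith(".nspire")]

# Constructed process-creation events: (ISO timestamp, host, image path).
SAMPLE_EVENTS = [
    ("2025-05-02T09:00:00", "FS01", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
    ("2025-05-02T09:40:00", "FS01", r"C:\Users\Public\Everything.exe"),
    ("2025-05-02T10:15:00", "FS01", r"C:\Program Files\7-Zip\7z.exe"),
    ("2025-05-02T11:05:00", "FS01", r"C:\Users\Public\MEGAsync.exe"),
    ("2025-05-01T08:00:00", "WS09", r"C:\Tools\Everything.exe"),
    ("2025-05-03T08:00:00", "WS09", r"C:\Program Files\7-Zip\7zFM.exe"),
    ("2025-05-05T08:00:00", "WS09", r"C:\Tools\MEGAsync.exe"),
]
print(correlate(SAMPLE_EVENTS))
```

In the constructed sample, FS01 is flagged because all four stages occur within about two hours, while WS09 is not, because its three tools are spread across five days.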
Read More: https://www.picussecurity.com/resource/blog/nightspire-ransomware-attack-chain-tools-and-tactics