Researchers had claimed that the Nokoyawa ransomware showed similarities with the Hive group after noticing resemblances in their tactics, techniques, and procedures (TTPs). However, those researchers have taken a step back and reevaluated some of their conclusions after separate researchers shared new details and discoveries on the Nokoyawa ransomware.
Nokoyawa showed signs of being related to Hive, but it turns out that it may be a separate and independent ransomware group.
Past research and analysis of the Nokoyawa ransomware had noted its similarities with Hive, but some researchers then labelled them a mere coincidence. The indicators shared by both threats included the use of the Cobalt Strike beacon and of other legitimate tools, such as anti-rootkit scanners, to bypass security solutions.
These similarities do not necessarily mean that Nokoyawa is affiliated with Hive, since these methods are also common to other groups. Overlaps in other parts of the infection process and in tactics such as information collection, lateral movement, and propagation are still being observed by other researchers.
However, other researchers claimed that the Nokoyawa ransomware is a variant of Karma, another ransomware strain. Those making this claim indicated that both ransomware strains run a multi-threaded encryption process built on an I/O completion port, which passes work between the thread responsible for identifying files and the encryption threads.
Researchers further supported these findings when they discovered that the public keys used by both ransomware families for encryption are hardcoded as Base64 strings. The only thing that separates Nokoyawa from Karma is that their ransom notes are not alike, apart from both using email as the point of contact.
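A defender-side triage helper, added here as an illustration and not taken from the research the article cites: it scans a binary for long Base64 runs and flags those that decode to something shaped like a public key (a DER SubjectPublicKeyInfo, or a raw key of a common elliptic-curve size), the kind of hardcoded artifact described above. The sample bytes and the key sizes it checks are constructed assumptions, so any hit on a real sample still needs manual confirmation.

```python
import base64
import binascii
import re
from typing import Optional

# Minimum Base64 run length worth examining; shorter runs are mostly noise.
MIN_B64_LEN = 40
B64_RE = re.compile(rb"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_B64_LEN)

def looks_like_der_spki(data: bytes) -> bool:
    """Rough check: an ASN.1 SEQUENCE whose length covers the whole blob."""
    if len(data) < 4 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short-form length
        return data[1] == len(data) - 2
    n = data[1] & 0x7F                      # long-form length with n length bytes
    if n == 0 or n > 2 or len(data) < 2 + n:
        return False
    return int.from_bytes(data[2:2 + n], "big") == len(data) - 2 - n

def classify_key_blob(data: bytes) -> Optional[str]:
    """Heuristic label for a decoded blob; assumed key sizes, confirm manually."""
    if looks_like_der_spki(data):
        return "der-spki"
    if len(data) in (32, 65):               # raw Curve25519 key / uncompressed P-256 point
        return "raw-ec-key"
    return None

def find_hardcoded_keys(blob: bytes) -> list:
    """Return (offset, kind, decoded_bytes) for every key-shaped Base64 run."""
    hits = []
    for m in B64_RE.finditer(blob):
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
        except binascii.Error:              # not valid Base64 (bad length or padding)
            continue
        kind = classify_key_blob(decoded)
        if kind:
            hits.append((m.start(), kind, decoded))
    return hits

# Constructed sample: a pretend binary holding noise plus two key-shaped blobs.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"ThisIsNotAKeyJustSomeLongIdentifierStringWithoutPaddingIssues\x00"
    + base64.b64encode(bytes(range(32))) + b"\x00"                     # 32-byte raw key
    + base64.b64encode(b"\x30\x2a\x04\x28" + b"\xab" * 40) + b"\x00"   # DER SEQUENCE
)

if __name__ == "__main__":
    for offset, kind, decoded in find_hardcoded_keys(SAMPLE):
        print(f"offset=0x{offset:x} kind={kind} len={len(decoded)}")
```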
Ransomware remains one of the most destructive categories of malware worldwide because of its ability to compromise, breach, and leak critical information. As ransomware families continue to grow in number, evolve, refine their capabilities, and expand their attack landscape, organizations should ensure that their critical data is protected against such attacks.