NightSpire is a ransomware group that first emerged in March 2025 and rapidly claimed over 250 victims across retail, manufacturing, healthcare, finance, and education sectors in the US, France, India, Taiwan, and Japan, using aggressive double-extortion with ransom deadlines as short as two days.
Tactics and techniques observed for this actor, mapped to MITRE ATT&CK. Useful for prioritizing detections.
For detection/blocking in your EDR/SIEM. Source: ransomware.live.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
/*
    nightspire ransomware
*/
rule nightspire_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.nightspire"
        description = "Detects nightspire ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // $name1 is case-insensitive, so it also matches everything $name2 and $onion match
        $name1 = "nightspire" ascii nocase
        $name2 = "NIGHTSPIRE" ascii
        $onion = "nightspire.onion" ascii nocase
    condition:
        // Fires on any file that contains the ASCII string "nightspire" in any letter case
        any of them
}
```
Disclosed ransom conversations, for defensive study purposes. Contacts, links and wallets redacted.
```text
NightSpire Encryption Notice

Your internal servers and backup & virtual infrastructure have been fully compromised.
All your files encrypted by NIGHTSPIRE Ransomware.
You have 72 hours to respond.

The initial payment for decryption and file deletion is 30000 USD in Bitcoin.
This amount is based on your annual revenue, and this is notably less amount than all of your past hard work and effort to develop all of your products.
However, the amount can be renegotiated depending on the circumstances.

Our Discount Service Includes:
- If you respond within 48 hours, we will provide you 30% discount as service.
- If you respond within 24 hours, we will provide you 50% discount as service.

"The faster you pay, the lower the ransom." That's our motto.

Failure to cooperate will result in public disclosure.
We possess a complete list of files and document samples that serve as proof of the access.
You can see the decryption demo video and the list of copied files on our website.

------------------- About NightSpire – Cooperate: The Win-Win Resolution -------------------

Full Decryption Tool + Instructions: Universal binary decrypts all affected systems in hours.
Data Deletion Proof: Timestamped logs, blockchain-verified wipe certificates—your data erased forever.
Secrecy Assurances: No traces online; we expunge all references post-deal.
Bonus: Security Audit Report: Detailed breach vector analysis + fixes, valued at $50K+ from legit firms.
Payment Flexibility: Crypto (BTC We Offer), staged if needed—processed by our financial team.

NightSpire isn't a lone hacker in a basement.
We're a structured syndicate with standard operating procedures, support desks, recruiters, and analysts—like a Fortune 500 but optimized for cyber efficiency.
Our reputation demands we deliver: victims who pay get results, building trust for mutual long-term gains.
Non-payment erodes that, but cooperation upholds it.
Security researchers and reputation confirm, we're a fully fledged cyber group... built to monetize.
We honor deals to ensure repeat business across the ecosystem.

--------------------------- WHAT HAPPENS IF YOU DON'T PAY -------------------------------

- The hacked news about your company will be posted on our Onion site.
- Source codes of your all software products will be open source.
- Your clients and partners may be notified about the data breach.
- The data may be shared or sold to third parties.
- You will permanently lose access to your encrypted data.
- We will not provide any decryption tools or support.

----------------------------------------- CAUTION ---------------------------------------------

>>> Important – Do Not
DO NOT modify files.
DO NOT use third-party tools.
Unncessary activities cause permanent loss of your data.
AES-256/RSA-4096 = impossible without our key.

>>> WARNING – NO INTERMEDIARIES
Do NOT use recovery or negotiation companies.
They are middlemen who profit from deception.
For example:
They charged victims $1M
Secretly negotiated with us for $200K
Kept $800K for themselves.
Contacting us directly = 5× lower cost.
Middlemen only steal from you.
Deal direct. Pay less. Resolve faster.

>>> IMPORTANT – INSURANCE NOTICE
Do NOT involve your cyber insurance company directly.
They will sabotage negotiations to avoid paying the full policy amount.
If your coverage is $10M, they will offer us $100K.
We will reject it. They will refuse to increase.
Result: no payment, full data leak, total damage — for you.
If you anonymously inform us of your insurance limits and terms, we will NOT exceed that amount in negotiations.
This guarantees:
• Fast resolution
• Data deletion
• Full decryption
• No public leak
Silence only benefits the insurer. Transparency benefits you. Choose wisely.

>>> CONSEQUENCES OF DATA LEAK
If your data is leaked:
• Government fines (GDPR, compliance, tax authorities)
• Lawsuits from clients and partners
• Criminal abuse of employee and customer identities
• Bank fraud, loan fraud, money laundering
• FBI investigat
```
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Unique Litho, Inc | US | Manufacturing | — | 8 Jun 2026 |
| A*** G*** A*S* | | Not Found | — | 8 Jun 2026 |
| ASIA STRATEGIC | | Business Services | — | 8 Jun 2026 |
| D-Troy Logistics | MX | Transportation/Logistics | — | 14 Apr 2026 |
| Fidanque Hermanos e Hijos, S.A | PA | Transportation/Logistics | — | 21 Mar 2026 |
| Tecnoedil S.A. Constructora | PY | Construction | — | 11 Mar 2026 |
| Fico Ferragens Indústria e Comércio Ltda | BR | Manufacturing | — | 19 Feb 2026 |
| S.Y.L Pastilhas e Sapatas de Freios | BR | Manufacturing | — | 14 Feb 2026 |
| Servicios del Valle del Fuerte, Mexico | MX | Not Found | — | 9 Nov 2025 |
| Instituto Nacional de Oftalmologia, Peru | PE | Healthcare | — | 9 Nov 2025 |
| speedmais | BR | Not Found | — | 6 Nov 2025 |
| BR Group | CO | Not Found | — | 3 Nov 2025 |
| Bestlog Logistic Solutions | BR | Transportation/Logistics | — | 29 Oct 2025 |
| conasa infraestrutura s.a. | BR | Construction | — | 13 Jul 2025 |
| Comelesa | EC | Not Found | — | 20 Jun 2025 |
| Petroquim Chile | CL | Energy | — | 10 Jun 2025 |
| Pistolero | MX | Not Found | — | 2 Jun 2025 |
| Hospital José Agurto Tello de Chosica | PE | Healthcare | — | 2 Jun 2025 |
| EPK | VE | Not Found | — | 19 May 2025 |
| branchcore | VE | Not Found | — | 19 May 2025 |
| w8textil | BR | Consumer Services | — | 28 Apr 2025 |
| Sisnet, Costa Rica | CR | Technology | — | 26 Apr 2025 |
| Secretaria de Educacion de Veracruz, SEV | MX | Education | — | 13 Apr 2025 |
| Emotrans Chile | CL | Transportation/Logistics | — | 13 Apr 2025 |
| Zaphira Uniformes | AR | Consumer Services | — | 13 Apr 2025 |
The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.
- Internal Documents
- Employee Data

- Financial Documents
- Internal Documents
- MSSQL Database