Ransomware Intelligence

nitrogen

Ransomware group profile

19Victims
BulgariaSource country
80Impact score

Description

Nitrogen is a financially motivated ransomware group that emerged in 2023 and evolved into a full double-extortion operation by 2024. Known for its aggressive tactics, it utilizes malvertising campaigns and trojanized software installers for initial access, ultimately deploying its own ransomware strain that corrupts essential files, making recovery impossible.

Key insights

  • Utilizes malvertising campaigns to trick users into downloading compromised software.
  • Implements double-extortion tactics, encrypting data and threatening to leak sensitive information.
  • Employs custom loader malware and well-known tools like Cobalt Strike for persistence and lateral movement.
  • Encrypts files with a .nba extension, rendering recovery impossible due to flaws in its cryptographic implementation.
  • Targets various sectors including healthcare, manufacturing, and education.

Industries

Financial ServicesHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnology

Threat Level & Status Breakdown

For nitrogen · Based on incidents in selected period

1.9threat level
Aggressiveness4.8/ 10
Lethality0/ 10
Criticality0.9/ 10

Status Breakdown

Claimed100.0%19
First seenJul 2025
Last seenMay 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 2, 2026

Recent activity

Monthly attack count for nitrogen in the selected period

19Total attacks
4peak in Jan
1.9avg / month
↓ 2 vs first month
JulAugSepOctNovDecJanFebMarMay01234

Intelligence

IOCs, YARA/Sigma rules, and related families for nitrogen

  1. 57b01f5cb67fd1e0ed83de39a89239a39d39ca57
  2. 1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49
  3. b1144c0309b0544ca71c65c573e74ad78a0f7c54
  4. d3bbfad59878f2d66afbe15817fe06306391b545
  5. 1b0101fd2bbf84306e80bfe9ffbee5f1bbf7f201efa70b26263c17182f9db849
  6. 98fade1c41f92cabbdee7228373fe0e7e5b4c24a
  7. 86233a285363c2a6863bf642deab7e20f062b8eb
  8. 475d452989738c1e7512749959a2493af261c395a27957100203af721965304f
  9. b5d903d5c5d458aada4fc269099a27b3abb14c84
  10. b24f83140f5f56beeeec8d1125ca09dfa48615cbaad069387833008965792520
  11. 5537c708edb9a2c21f88e34e8a0f1744
  12. 18051333e658c4816ff3576a2e9d97fe2a1196ac0ea5ed9ba386c46defafdb88
  13. 9fdc236ec336be93c9566d61fae186faa56617f3
  14. 245ab9351948c33382c55e57d0c40cd83bb338d2d069a05605cd3cc72a65fe74
  15. c28d6cbbaa08f1522fd7b89d2f0cfe831604895b49a0abb44db110057b8cb4e8
  16. f91cbdd91e2daab31b715ce3501f5ea0
  17. 65378d87e37ce61a3ed443b30441b26d
  18. e6a498b89aa04d7c25cbfa96599a4cd9bdcc79e73bf7b09906e5ca85bda2bff6
  19. 1f8d8b9ec669ff3112e091db6fa2b163fc53aa9f8ddb03bd3042c017d1397a28
  20. 1ca67af90400ee6cbbd42175293274a0f5dc05315096cb2e214e4bfe12ffb71f
  21. 93f72ffa778f33e8cb26310381934c06
  22. bc9c5c8dfdcf0d2a321478207b0870274fba25b93075fc987768623237973646
  23. bd0d89275ec5d4fbe6bf8fad536c4702
  24. c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273
  25. f583b11e1b731878b87057ddec7ac45a91d3ffc8141baabcd85952600da8a2aa
  26. 404c22f0cdfc8eee2091e9234a7e04f1
  27. 4e58629158a6c46ad420f729330030f5e0b0ef374e9bb24cd203c89ec3262669
  28. 0cf8f749123ea015cba3beb9b3c320f1f534df80
  29. ab366a7c4a343a798490c4451d1d8e42aea2b894cb3162b5c59e08d8507ffe2c
  30. 62d09f076e6e0240548c2f837536a46a
  31. 8cb89289bcfd1bfb96f5ea2dcd174be266cd50b5
  32. c5db4c757824227f8c2bb5894f1b03079b5f91ca
  33. a03b6516b95698b6f828c1fec18527d0
  34. 8c17b20b082fdfdabf1c5ea81baa4caf
  35. 91abbc169238db3e8f6f642b65db21d8bab01ca97152f02047305367adab7e8f
  36. d236ec49c02d826328ad64fd36da30a6c1196ecd
  37. f81de79fba760c6f46f5942aef7bbd266809e3db
  38. 176175b7e5cae2de1dfaf0d0fcc99724
  39. f9a4237ad9a9b2117ebed2e1640bae46c3f31576422e800a752db10459802a6c
  40. 40d6e59b925f983b98477aaa317e71bd7b3e50f7
  41. 432d43d18e9284a27ca1f5a5f37901524e2d6c1a
  42. 1b01c860b8f473f7e363db47f6ab5686
  43. cbcd1d81f242de31fd683d5acbc70dca
  44. 26a162c003cb9d0829a1c20bfbbc20de
  45. 4212832505c40663f887c6197d19c2f8
  46. 72e04f1ecfa6ed1a9a066a847e250945ef42f5c8
  47. 9dcfc0ac60e09585824b8cc8c65e2618522853317f513cd2c9df325ca66c2fb3
  48. 0f7b6bb3a239cf7a668a8625e6332639
  49. 19016aeb7315c069a1897fae99f1fb1f6ca4aa99
  50. 55f3725ebe01ea19ca14ab14d747a6975f9a6064ca71345219a14c47c18c88be
  51. affd113b9ab3b2218b0b862436386472
  52. 06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b
  53. d2b4a4de3b1fc82562ca8f48d58e8e078b9ffb0b054b228cef1b43c3a5c5158a
  54. 779576719a9c400a7a4abed0386e2111eb331160572c91a2fd8eaa1a7d6e6c63
  55. 01d765b4a258c011248f32e198714132
  56. 9b7895c4a8a1f49a6db6385895fcf39ff63fbaa95e75b3f41a6a2505f5311bd3
  57. e79ec5ba0180607cf5910b2ce43ee60099f6bd42
  58. dde1b933aad33c5d96c2e45ad46434a200dc46a6
  59. efb2e11a69fb3ddec3df8a5a3fbe16e60e2335cb
  60. 97c636d3ec31cd21e118284c4c92e5bb
  61. fa3eca4d53a1b7c4cfcd14f642ed5f8a8a864f56a8a47acbf5cf11a6c5d2afa2
  62. e0fd8ff6d39e4c11bdaf860c35fd8dc0
  63. aaa10f4f5573081bc329fac78b0a244fef13d0d6
  64. d9a737c3c6962e1ba7b66d25e9613e20f4129ab8
  65. c09d63921f88e29a88ca214114caf417
  66. fab4ca3ede799d517a068e70df2118b6a62a54710ecc7ab0c90ea4c039604ef1
  67. bed8d1752a12e5681412efbb8283910857f7c5c431c2d73f9bbc5b379047a316
  68. 9509c13aa5ced390779130e211b2ea2cf020e7b1
  69. aa13b744626d3ac40ed3686a975ae4037b0b9c98027200212587e437b76a244f
  70. f7d70c16e814ec671ca962d80cc43613
  71. b5189876dfdbe889bba43f7702d1e61e61d48803c78ff78eab3f43b4fb0b3a22
  72. 092608555ab99a2d2011aeffbd1e8b47
  73. 26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b
  74. 688754743476df47e612190ef790105efab8c611a5b5e2cbecb3c6b764bb9dd7
  75. cb8c143814c2519a26dc850a3571e63dc390bd5c
  76. 2f66ef4531709d4de83ea42872e865d32b2a9b37dd97112398ec032a550ecf94
  77. 047a498789c653d0c0bbf8b6fda78dd553e88807
  78. 51da4b9aa541a6fc636a97d44ee265b4
  79. c0987ab723c595acd92d66c9fae0ff86562116be
  80. 26bdbc63af8abae9a8fb6ec0913a307ef6614cf2
  81. 75a75ffe3a8b0774fc32aea19afa4642
  82. 20fd006056ae4eb684bcb2d58565bd60
  83. 9b82e6bde926ebce146e62293bd2d59d23218adaddfed0f8b132cb2eb2dedd72
  84. 7c0673bd04ec588670fe9e253d64d1d3
  85. 43da9453411f579a0b60c7ee664724d3d59afdc0
  86. b0c8744a03e9fbf541cf9d81da6f59f0
  87. 14d7f81bc8e4c78b09a09ba244c967fe
  88. f6d75ae082810bb21dc8e7769a2c8a5e
  89. 9b29964d0b3d026aa01713dbdf4361439788c05c8eb8723fc7cfb933245dec45
  90. 38f9da0372e0504179e0e588cafd8ab8
  91. 15c0e1e4ac847d0801d2dd51fd7fcc37671911c570b0dd74cf5ab05e80810552
  92. 647a20c0f712eab436d0d40754c393cba4c1e1d40e3177b09e39aaf297d0fdbd
  93. 407d292e41ada4c48c4c0c357455d129
  94. db95a4cb23548a635a1dfebcee9991cb
  95. c1a5c7d998a3e2c72738ad3a9159b1d2478ee81a71864b046bfc55f3e8f05f75
  96. 85eb41510e60350f6c9d42576964ffd4
  97. f81a4a25b9daa9e66dea7f64f5b1d1b3
View full IOC feed208 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for nitrogen

Other

T1486

T1486

T1490

T1490

T1078

T1078

T1562

T1562

T1071.001

T1071.001

T1059

T1059

T1218.011

T1218.011

T1021

T1021

T1547

T1547

T1080

T1080

Victims(19)

CompanyDomainCountryIndustryStatusDiscovered
FOXCONNfoxconn.comTW TaiwanManufacturing
Claimed
23 days ago
ENENSYS Technologiesenensys.comFR FranceTechnology
Claimed
3 months ago
DeWalch Technologies, Incdewalch.comUS United StatesTechnology
Claimed
4 months ago
LumioDentallumiodental.comUS United StatesHealthcare
Claimed
4 months ago
QualiChem Metalworkingqualichem.comUS United StatesManufacturing
Claimed
4 months ago
Connor Coconnorco.comUS United StatesProfessional Services
Claimed
4 months ago
Durashilohdurashiloh.comUS United StatesManufacturing
Claimed
5 months ago
Whitfield Welding Incwhitfieldwelding.comCA CanadaManufacturing
Claimed
5 months ago
Walters Group Incwaltersgroupinc.comUS United StatesManufacturing
Claimed
6 months ago
AvtechTyeeavtechtyee.comUS United StatesTechnology
Claimed
6 months ago
Golden Artist Colorsgoldenartistcolors.comUS United StatesManufacturing
Claimed
6 months ago
Black Hills Bentonitebhbentonite.comUS United StatesManufacturing
Claimed
7 months ago
Phillips Printing Companyphilprint.comUS United StatesManufacturing
Claimed
7 months ago
Heffner Toyota & Lexusheffner.caCA CanadaRetail & E-Commerce
Claimed
9 months ago
Ocean Edge Resort & Golf Cluboceanedge.comUS United StatesHospitality
Claimed
10 months ago
F&P Georgia Mfg Incfandpgeorgia.comUS United StatesManufacturing
Claimed
10 months ago
Palm Bay Internationalpalmbay.comUS United StatesRetail & E-Commerce
Claimed
11 months ago
Progressive Auto Groupprogressiveautogroup.comUS United StatesRetail & E-Commerce
Claimed
11 months ago
Kirkor Architects and Plannerskirkorarchitects.comCA CanadaProfessional Services
Claimed
11 months ago

Affected countries(43)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇫Afghanistan🇦🇱Albania🇧🇪Belgium🇧🇬Bulgaria🇧🇷Brazil🇨🇦Canada🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇪🇪Estonia🇪🇬Egypt🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇭🇷Croatia🇭🇺Hungary🇮🇳India🇮🇸Iceland🇮🇹Italy🇯🇵JapanKorea, Republic of🇱🇹Lithuania🇱🇺Luxembourg🇱🇻Latvia🇲🇪MontenegroMacedonia, the Former Yugoslav Republic of🇲🇽Mexico🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇵🇱Poland🇵🇹Portugal🇷🇴RomaniaRussian Federation🇸🇮Slovenia🇸🇰Slovakia🇹🇭ThailandTaiwan, Province of China🇺🇸United States🇻🇳Vietnam🇿🇦South Africa