Ransomware Intelligence

nitrogen

Ransomware group profile

20Victims
BulgariaSource country
81Impact score

Description

Nitrogen is a financially motivated ransomware group that emerged in 2023 and evolved into a full double-extortion operation by 2024. Known for its aggressive tactics, it utilizes malvertising campaigns and trojanized software installers for initial access, ultimately deploying its own ransomware strain that corrupts essential files, making recovery impossible.

Key insights

  • Utilizes malvertising campaigns to trick users into downloading compromised software.
  • Implements double-extortion tactics, encrypting data and threatening to leak sensitive information.
  • Employs custom loader malware and well-known tools like Cobalt Strike for persistence and lateral movement.
  • Encrypts files with a .nba extension, rendering recovery impossible due to flaws in its cryptographic implementation.
  • Targets various sectors including healthcare, manufacturing, and education.

Industries

Financial ServicesHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnology

Threat Level & Status Breakdown

For nitrogen · Based on incidents in selected period

2threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality0.8/ 10

Status Breakdown

Claimed100.0%20
First seenJul 2025
Last seenJun 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 20, 2026

Recent activity

Monthly attack count for nitrogen in the selected period

20Total attacks
4peak in Jan
1.8avg / month
↓ 2 vs first month
JulAugSepOctNovDecJanFebMarMayJun01234

Intelligence

IOCs, YARA/Sigma rules, and related families for nitrogen

  1. 57b01f5cb67fd1e0ed83de39a89239a39d39ca57
  2. 1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49
  3. f4febc55ea12b31ae17cfb7e614afda8
  4. b1144c0309b0544ca71c65c573e74ad78a0f7c54
  5. d3bbfad59878f2d66afbe15817fe06306391b545
  6. 1b0101fd2bbf84306e80bfe9ffbee5f1bbf7f201efa70b26263c17182f9db849
  7. 98fade1c41f92cabbdee7228373fe0e7e5b4c24a
  8. 86233a285363c2a6863bf642deab7e20f062b8eb
  9. 475d452989738c1e7512749959a2493af261c395a27957100203af721965304f
  10. b5d903d5c5d458aada4fc269099a27b3abb14c84
  11. 365062334429339b5aa3610d7aa69552
  12. b24f83140f5f56beeeec8d1125ca09dfa48615cbaad069387833008965792520
  13. 5537c708edb9a2c21f88e34e8a0f1744
  14. 321d077348140dd7967ce6d0832bab582dce3990
  15. 9941c3e3422e50997a853710f438b44182da08eb
  16. 9db343a12b7b22ba7feca33019a437067f96e03a2695f574a97f446f7dc2883b
  17. 18051333e658c4816ff3576a2e9d97fe2a1196ac0ea5ed9ba386c46defafdb88
  18. 245ab9351948c33382c55e57d0c40cd83bb338d2d069a05605cd3cc72a65fe74
  19. c28d6cbbaa08f1522fd7b89d2f0cfe831604895b49a0abb44db110057b8cb4e8
  20. f91cbdd91e2daab31b715ce3501f5ea0
  21. 65378d87e37ce61a3ed443b30441b26d
  22. e6a498b89aa04d7c25cbfa96599a4cd9bdcc79e73bf7b09906e5ca85bda2bff6
  23. 1f8d8b9ec669ff3112e091db6fa2b163fc53aa9f8ddb03bd3042c017d1397a28
  24. 21fb4fdce85ab75430e18d9362a35f61dcaeb628c28836403472c054d6ceab8c
  25. 1ca67af90400ee6cbbd42175293274a0f5dc05315096cb2e214e4bfe12ffb71f
  26. 93f72ffa778f33e8cb26310381934c06
  27. bc9c5c8dfdcf0d2a321478207b0870274fba25b93075fc987768623237973646
  28. 9d00158489f0a399fc0bc3ce1e8fc309d29a327f6ea0097e34e0f49b72a85079
  29. bd0d89275ec5d4fbe6bf8fad536c4702
  30. c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273
  31. 404c22f0cdfc8eee2091e9234a7e04f1
  32. 4e58629158a6c46ad420f729330030f5e0b0ef374e9bb24cd203c89ec3262669
  33. 3080f110e10afb015f9c864cc09763a185166439bad594a03eb7d258fc1d5978
  34. 0cf8f749123ea015cba3beb9b3c320f1f534df80
  35. ab366a7c4a343a798490c4451d1d8e42aea2b894cb3162b5c59e08d8507ffe2c
  36. 62d09f076e6e0240548c2f837536a46a
  37. 8cb89289bcfd1bfb96f5ea2dcd174be266cd50b5
  38. c5db4c757824227f8c2bb5894f1b03079b5f91ca
  39. a03b6516b95698b6f828c1fec18527d0
  40. 8c17b20b082fdfdabf1c5ea81baa4caf
  41. 91abbc169238db3e8f6f642b65db21d8bab01ca97152f02047305367adab7e8f
  42. d236ec49c02d826328ad64fd36da30a6c1196ecd
  43. f81de79fba760c6f46f5942aef7bbd266809e3db
  44. 176175b7e5cae2de1dfaf0d0fcc99724
  45. f9a4237ad9a9b2117ebed2e1640bae46c3f31576422e800a752db10459802a6c
  46. 5fbe9d41a2db95b22aa2e8a5a89afbfe62b53baaa8bd00fe9c1a15bac614454b
  47. 432d43d18e9284a27ca1f5a5f37901524e2d6c1a
  48. cbcd1d81f242de31fd683d5acbc70dca
  49. 72e04f1ecfa6ed1a9a066a847e250945ef42f5c8
  50. 9dcfc0ac60e09585824b8cc8c65e2618522853317f513cd2c9df325ca66c2fb3
  51. 0f7b6bb3a239cf7a668a8625e6332639
  52. 19016aeb7315c069a1897fae99f1fb1f6ca4aa99
  53. 1fc4b5f64412e2ee1b14936a59b7becb250a06906d2ccf318d526cf8e5946072
  54. 55f3725ebe01ea19ca14ab14d747a6975f9a6064ca71345219a14c47c18c88be
  55. 06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b
  56. d2b4a4de3b1fc82562ca8f48d58e8e078b9ffb0b054b228cef1b43c3a5c5158a
  57. 779576719a9c400a7a4abed0386e2111eb331160572c91a2fd8eaa1a7d6e6c63
  58. 01d765b4a258c011248f32e198714132
  59. 9b7895c4a8a1f49a6db6385895fcf39ff63fbaa95e75b3f41a6a2505f5311bd3
  60. dde1b933aad33c5d96c2e45ad46434a200dc46a6
  61. efb2e11a69fb3ddec3df8a5a3fbe16e60e2335cb
  62. 97c636d3ec31cd21e118284c4c92e5bb
  63. e0fd8ff6d39e4c11bdaf860c35fd8dc0
  64. 4811f317e933d13961b9cc8b38d41d4fae67dcc5
  65. aaa10f4f5573081bc329fac78b0a244fef13d0d6
  66. d9a737c3c6962e1ba7b66d25e9613e20f4129ab8
  67. c09d63921f88e29a88ca214114caf417
  68. fab4ca3ede799d517a068e70df2118b6a62a54710ecc7ab0c90ea4c039604ef1
  69. 203dd619f92192331f488854ccde6178
  70. bed8d1752a12e5681412efbb8283910857f7c5c431c2d73f9bbc5b379047a316
  71. aa13b744626d3ac40ed3686a975ae4037b0b9c98027200212587e437b76a244f
  72. f7d70c16e814ec671ca962d80cc43613
  73. b5189876dfdbe889bba43f7702d1e61e61d48803c78ff78eab3f43b4fb0b3a22
  74. 092608555ab99a2d2011aeffbd1e8b47
  75. e48e9f4b2cccea896e0685e3d1c8fc6fe4a25c4bdbe81704c5a15613cc223d85
  76. 342daa41ba3989d5ecb95c7c19a55c1a00c12b6c2faa2cac052bc910a6edd56f
  77. 26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b
  78. 688754743476df47e612190ef790105efab8c611a5b5e2cbecb3c6b764bb9dd7
  79. cb8c143814c2519a26dc850a3571e63dc390bd5c
  80. b97d2acda8170017cad8f80301f4ccdad5aa3510
  81. c0987ab723c595acd92d66c9fae0ff86562116be
  82. 26bdbc63af8abae9a8fb6ec0913a307ef6614cf2
  83. 75a75ffe3a8b0774fc32aea19afa4642
  84. 57b20a754a8bc0d551bbcf7d94e4767f0bb29c1e3996301d2a92cd9f309d7bfc
  85. fb9e2d47de8c34eb8354f985394c616cb5858dafb87e125a71464e9da86380db
  86. 2f72cdb938bf9f81be1230b091c8bc01
  87. 20fd006056ae4eb684bcb2d58565bd60
  88. 9b82e6bde926ebce146e62293bd2d59d23218adaddfed0f8b132cb2eb2dedd72
  89. 7c0673bd04ec588670fe9e253d64d1d3
  90. 43da9453411f579a0b60c7ee664724d3d59afdc0
  91. b0c8744a03e9fbf541cf9d81da6f59f0
  92. f6d75ae082810bb21dc8e7769a2c8a5e
  93. 9b29964d0b3d026aa01713dbdf4361439788c05c8eb8723fc7cfb933245dec45
  94. 38f9da0372e0504179e0e588cafd8ab8
  95. 15c0e1e4ac847d0801d2dd51fd7fcc37671911c570b0dd74cf5ab05e80810552
  96. 647a20c0f712eab436d0d40754c393cba4c1e1d40e3177b09e39aaf297d0fdbd
  97. 407d292e41ada4c48c4c0c357455d129
  98. d4f8a2eb93f2ba2e631810fd82f23d6c
  99. db95a4cb23548a635a1dfebcee9991cb
  100. c98aacc9324529002a8610c1893b3d4c0dc779da
  101. c1a5c7d998a3e2c72738ad3a9159b1d2478ee81a71864b046bfc55f3e8f05f75
  102. 85eb41510e60350f6c9d42576964ffd4
  103. f81a4a25b9daa9e66dea7f64f5b1d1b3
View full IOC feed220 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for nitrogen

Other

T1486

T1486

T1490

T1490

T1078

T1078

T1562

T1562

T1071.001

T1071.001

T1059

T1059

T1218.011

T1218.011

T1021

T1021

T1547

T1547

T1080

T1080

Victims(20)

CompanyDomainCountryIndustryStatusDiscovered
Pyramidpyramidmg.comUS United States
Claimed
18 days ago
FOXCONNfoxconn.comTW TaiwanManufacturing
Claimed
about 1 month ago
ENENSYS Technologiesenensys.comFR FranceTechnology
Claimed
3 months ago
DeWalch Technologies, Incdewalch.comUS United StatesTechnology
Claimed
4 months ago
LumioDentallumiodental.comUS United StatesHealthcare
Claimed
5 months ago
QualiChem Metalworkingqualichem.comUS United StatesManufacturing
Claimed
5 months ago
Connor Coconnorco.comUS United StatesProfessional Services
Claimed
5 months ago
Durashilohdurashiloh.comUS United StatesManufacturing
Claimed
5 months ago
Whitfield Welding Incwhitfieldwelding.comCA CanadaManufacturing
Claimed
5 months ago
Walters Group Incwaltersgroupinc.comUS United StatesManufacturing
Claimed
6 months ago
AvtechTyeeavtechtyee.comUS United StatesTechnology
Claimed
7 months ago
Golden Artist Colorsgoldenartistcolors.comUS United StatesManufacturing
Claimed
7 months ago
Black Hills Bentonitebhbentonite.comUS United StatesManufacturing
Claimed
8 months ago
Phillips Printing Companyphilprint.comUS United StatesManufacturing
Claimed
8 months ago
Heffner Toyota & Lexusheffner.caCA CanadaRetail & E-Commerce
Claimed
9 months ago
Ocean Edge Resort & Golf Cluboceanedge.comUS United StatesHospitality
Claimed
10 months ago
F&P Georgia Mfg Incfandpgeorgia.comUS United StatesManufacturing
Claimed
11 months ago
Palm Bay Internationalpalmbay.comUS United StatesRetail & E-Commerce
Claimed
11 months ago
Progressive Auto Groupprogressiveautogroup.comUS United StatesRetail & E-Commerce
Claimed
11 months ago
Kirkor Architects and Plannerskirkorarchitects.comCA CanadaProfessional Services
Claimed
12 months ago

Affected countries(43)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇫Afghanistan🇦🇱Albania🇧🇪Belgium🇧🇬Bulgaria🇧🇷Brazil🇨🇦Canada🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇪🇪Estonia🇪🇬Egypt🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇭🇷Croatia🇭🇺Hungary🇮🇳India🇮🇸Iceland🇮🇹Italy🇯🇵JapanKorea, Republic of🇱🇹Lithuania🇱🇺Luxembourg🇱🇻Latvia🇲🇪MontenegroMacedonia, the Former Yugoslav Republic of🇲🇽Mexico🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇵🇱Poland🇵🇹Portugal🇷🇴RomaniaRussian Federation🇸🇮Slovenia🇸🇰Slovakia🇹🇭ThailandTaiwan, Province of China🇺🇸United States🇻🇳Vietnam🇿🇦South Africa