logo

Crypto Guest at Dawn Endpoint (Midnight) ransomware analysis

ID: 91e3b9b4-6601-5e26-88ed-37a6c47bffed

STIX ID: report--91e3b9b4-6601-5e26-88ed-37a6c47bffed

Feed Name: ASEC

Threat Score
78/100

Date Published: 2026-05-20

Date Updated: 2026-06-03

Author: ATCP

...
...

EndPoint (aka Midnight) is a Babuk-derived ransomware that targets Windows, ESXi, and NAS systems using a double-extortion model (file encryption plus data theft). It employs ChaCha20 symmetric encryption with an RSA-wrapped session key, partial-file encryption to speed processing, and operational techniques to hinder recovery (terminating backup/DB processes, deleting VSS snapshots, using a mutex and exclusion lists). Victims receive a How To Restore Your Files.txt ransom note with Tox-based contact instructions and sample MD5 indicators are provided; recommendations include offsite backups, patching, security updates, and recovery drills.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.