Nevada Ransomware, Nokoyawa Variant

ID: 16686b0f-a037-59ef-91c2-019bae3a697f

STIX ID: report--16686b0f-a037-59ef-91c2-019bae3a697f

Feed Name: Zscaler Security Research Blog

Threat Score: 75/100

Date Published: 2025-12-30

Date Updated: 2026-05-01

Technical analysis of the Nokoyawa ransomware family (versions 1.0, 1.1, 2.0 and 2.1/Nevada), describing the differences and similarities across builds: encryption schemes (SECT233R1 and Curve25519 with per-file Salsa20 keys), implementation languages (C/C++ and Rust), configuration formats, command-line options (including safe-mode, --file/--dir/--config), shadow-copy deletion via IOCTL_VOLSNAP, CIS-region checks to avoid certain locales, and other operational details such as debug strings and hardcoded vs. configurable parameters.