This post may contain affiliate links, please read our affiliate disclosure to learn more.
Knight Ransomware

Knight Ransomware Source Code Available for Sale

 By Nataly Vovk | Threat Intelligence Analyst
 Published on February 21st, 2024

The representative of the Knight ransomware is currently marketing the source code for its third version exclusively to one purchaser on a hacker forum.

Key Takeaways

  • A representative of the Knight ransomware is offering the source code for its third iteration exclusively to a single buyer, emphasizing the desire to maintain its exclusivity and value.
  • Knight ransomware was launched in the summer of 2023, targeting Windows, macOS, and Linux systems and offering a ransomware-as-a-service (RaaS) model.
  • The new version of the ransomware was released in November 2023. Key enhancements included 40% faster encryption rates and an updated ESXi module for better compatibility.
  • Ransomware remains a top threat to businesses worldwide.

The emergence of Knight ransomware in the summer of 2023 marked a new phase in ransomware threats, targeting Windows, macOS, and Linux systems. It quickly drew attention by offering info stealers and a lite encryptor to affiliates, continuing the Ransomware-as-a-Service (RaaS) model initiated by its predecessor, Cyclops.

Stay One Step Ahead of Cyber Threats

Want to Be the Smartest Guy in the Room? Get the Latest Cybersecurity News and Insights.
We respect your privacy and you can unsubscribe anytime.

A notable development in the evolution of ransomware was observed when the new version made enhancements, such as 40% faster encryption rates, an updated ESXi module for improved compatibility, and other significant upgrades. The new version of Knight ransomware was advertised on November 2023 on the dark web forum RAMP, where a user believed to be associated with Knight ransomware offered the new version v.3.0 of the ransomware package to affiliates. Affiliates are cybercriminals who partner with the RaaS operators to conduct ransomware attacks.

However, On February 18, 2024, a threat actor, aka Cyclops, linked to the Knight ransomware syndicate, posted an ad selling Knight 3.0 ransomware’s source code, including the control panel and the encryption mechanism. Although no specific price was mentioned, the emphasis was on selling the source code to a solitary buyer to maintain its exclusivity and value.

The motivation behind selling the Knight ransomware source code remains speculative. However, the decision to sell the source code exclusively to a single buyer, particularly one who is respected within the hacker community, indicates the potential for this buyer to either deploy this advanced ransomware in intricate attacks across various systems or enhance the ransomware’s functionalities.

The sale’s exclusive nature aims to preserve the code’s worth, which could result in its application in targeted, significant cyberattacks rather than a broad dissemination.

Ransomware continues to pose a significant threat to businesses worldwide, and the average cost of an incident reaches $4.5 million.

"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional
Scroll to Top