Tech News
Back to home
Technology

Nitrogen ransomware programmers lock themselves out of a payment — key management bug encrypts victims' data forever

Source

Tom's Hardware

Published

TL;DR

AI Generated

A variant of Nitrogen ransomware has a key management bug that encrypts victims' data irreversibly, making it impossible to recover even if the ransom is paid. The specific strain targets VMware ESXi hypervisors, affecting virtual machines within them. Due to an error in the encryption process, the public key necessary for decryption is overwritten, rendering the data permanently inaccessible. Victims are advised to rely on backups as paying the ransom will not lead to data recovery. The bug highlights the unintentional consequences of coding errors in ransomware attacks.

Read Full Article

Similar Articles

The most severe Linux threat to surface in years catches the world flat-footed

The most severe Linux threat to surface in years catches the world flat-footed

A critical Linux vulnerability, named CopyFail (CVE-2026-31431), has been disclosed by security researchers, allowing unprivileged users to gain root access across various Linux distributions. The exploit code, released by Theori, works universally without modification, posing a significant threat to data centers and personal devices. While the Linux kernel security team patched the vulnerability in several versions, many distributions had not yet implemented the fixes at the time of the exploit's release. This flaw enables attackers to execute malicious activities like hacking multi-tenant systems and creating backdoors, emphasizing the severity of the issue.

Ars Technica
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firm Checkmarx has been targeted in a series of supply-chain attacks over the past six weeks, with malware being pushed to customers through compromised accounts. The attacks began with the breach of the Trivy vulnerability scanner, leading to malware being distributed to Checkmarx users. Checkmarx's GitHub account was also compromised, leading to the dissemination of malware to its users. The company faced additional malware pushes, indicating ongoing security challenges. A ransomware group known as Lapsu$ recently dumped Checkmarx's private data on the dark web, suggesting persistent access by attackers.

Ars Technica
Ransomware accidentally destroys all files larger than 128KB, preventing decryption — VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

Ransomware accidentally destroys all files larger than 128KB, preventing decryption — VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

The VECT ransomware, discovered in December 2025, contains a critical bug that turns it into a wiper, destroying files larger than 128KB and preventing decryption. Check Point Research found that the ransomware's flawed programming causes irreversible damage to encrypted files, rendering payment to unlock data ineffective. The ransomware's code also exhibits various other issues, leading researchers to speculate that it may have been partly generated with AI or based on outdated code. Despite these flaws, the group behind VECT appears sophisticated, with multi-platform capabilities and partnerships with other threat actors. The researchers warn that the group could potentially fix these issues and release a more effective version in the future, leveraging its existing distribution system to infect more systems.

Tom's Hardware
Open source package with 1 million monthly downloads stole user credentials

Open source package with 1 million monthly downloads stole user credentials

A widely used open source package with 1 million monthly downloads was compromised by threat actors exploiting a vulnerability in the developers’ account workflow, granting access to sensitive information. The malicious package, element-data 0.23.3, was distributed to users, collecting user credentials, API tokens, and more. Users who installed this version are advised to consider their credentials compromised. The attackers gained access through a GitHub action, allowing them to publish the malicious package. The developers swiftly removed the package, rotated credentials, and fixed the vulnerability.

Ars Technica

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.