Ransomware Group

Nikki

Also known as: NikkiVirus, NikkiLocker

Status: active • First seen 2024-06150+ known victims

Nikki ransomware is a newer gang that goes after smaller companies that might not have strong security. They get in through fake emails or old VPN software that was not updated.

Overview

Nikki is an emerging ransomware operation targeting small and medium businesses through phishing campaigns and exploitation of unpatched VPN appliances. They operate a RaaS model with affiliates.

Target Industries

Manufacturing, Retail, Healthcare, Professional Services

How They Attack

  • Phishing emails
  • VPN exploitation
  • RaaS model
  • Double extortion

Notable Victims

Multiple SMBs (2024-2025)

Is your business exposed?

How to Protect Against Nikki

  1. 1.

    Patch VPN appliances within 24 hours of critical updates

  2. 2.

    Implement email security gateway

  3. 3.

    Maintain offline backups

MITRE ATT&CK Techniques

T1566, T1190, T1486, T1567

Related Groups

Akira, Bianlian

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices