Ransomware Group

Nokoyawa

Also known as: Nevada Ransomware

Status: active • First seen 2022-02 • 150+ known victims

Nokoyawa is particularly dangerous because its operators use secret Windows bugs (zero-days) that even Microsoft does not know about yet. This means they can break into computers even if you have all your updates installed.

Overview

Nokoyawa is a ransomware strain that gained notoriety for using zero-day exploits in Windows CLFS (Common Log File System). The group demonstrated sophisticated capabilities by exploiting vulnerabilities before patches were available.

Target Industries

Retail, Energy, Manufacturing, Professional Services

How They Attack

  • Zero-day exploitation
  • Windows CLFS exploits
  • Credential theft
  • Double extortion

Notable Victims

Multiple retailers (2023), Energy sector organizations

How to Protect Against Nokoyawa

  1. Apply Windows patches immediately when released
  2. Deploy EDR with behavioral analysis
  3. Implement Windows attack surface reduction rules

MITRE ATT&CK Techniques

T1068, T1003, T1486, T1490

Related Groups

Hive, Royal
