Overview

In June 2023, the Cyclops ransomware was detected to have been rebranded as an enhanced rendition, named ‘Knight’, the key upgraded feature being an update to the lite encryptor to support a batch distribution of the malware2. A new data leak site was also launched.

Knight ransomware operators have been observed offering an information stealer malware that captures sensitive data from infected hosts within the attack chain of the ransomware deployment. The group has also been involved in double-extortion tactics, threatening to leak stolen data to pressure victims into paying the ransom. The ransomware encrypts files using advanced encryption algorithms, rendering them inaccessible until a ransom is paid3. The malware is distributed through various channels, including hacker forums and the Cyclops/Knight administrator panel. The malware shares similarities with other ransomware families like Babuk and LockBit.