Nitrogen ransomware is so broken even the crooks can't unlock your files


Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them!

According to Coveware, which peered under the hood of Nitrogen's ransomware program, a programming error prevents the gang's decryptor from recovering victims' files, so paying up is futile.

The finding specifically concerns the group's malware that targets VMware ESXi. Coveware said that the program encrypts files with the wrong public key, making it impossible for the criminals to decrypt them, even if the victim pays for a decryption tool.

Nitrogen's malware makes the error of loading a new variable, a QWORD, into memory so that it overlaps with the public key.

Because the malware loads the public key at offset rsp+0x20 and the 8-byte QWORD at rsp+0x1c, it overwrites ...
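The overlap between those two offsets, as an added example that is not code from the article, from Coveware or from the malware: it simulates a stack frame and reports which bytes of the key region an 8-byte store at `rsp+0x1c` touches. The 32-byte key length, the frame size, the key bytes and the stored QWORD value are assumptions constructed for the illustration; only the two offsets come from the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_OFF   0x20u  /* from the article: public key at rsp+0x20 */
#define QWORD_OFF 0x1cu  /* from the article: 8-byte QWORD at rsp+0x1c */
#define KEY_LEN   32u    /* assumption: the article gives no key length */
#define FRAME_LEN 0x40u  /* assumption: size of the simulated frame */

/* Count the bytes of region [a_off, a_off+a_len) that a write to
 * [w_off, w_off+w_len) touches. *first receives the index, relative to
 * region a, of the first touched byte. Returns 0 when they are disjoint. */
static size_t overlap(size_t a_off, size_t a_len,
                      size_t w_off, size_t w_len, size_t *first)
{
    size_t lo = a_off > w_off ? a_off : w_off;
    size_t a_end = a_off + a_len, w_end = w_off + w_len;
    size_t hi = a_end < w_end ? a_end : w_end;
    if (hi <= lo)
        return 0;
    if (first)
        *first = lo - a_off;
    return hi - lo;
}

/* Place the key in the frame, then store the QWORD the way the article
 * describes. Copies the resulting key to out_key and returns how many
 * key bytes differ from the original. */
static size_t simulate(const uint8_t *key, uint64_t qword, uint8_t *out_key)
{
    uint8_t frame[FRAME_LEN] = {0};
    size_t changed = 0;
    memcpy(frame + KEY_OFF, key, KEY_LEN);
    memcpy(frame + QWORD_OFF, &qword, sizeof qword);  /* the later store */
    memcpy(out_key, frame + KEY_OFF, KEY_LEN);
    for (size_t i = 0; i < KEY_LEN; i++)
        changed += (out_key[i] != key[i]);
    return changed;
}

int main(void)
{
    uint8_t key[KEY_LEN], after[KEY_LEN];
    size_t first = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = (uint8_t)(i + 1);                    /* constructed key */
    size_t n = overlap(KEY_OFF, KEY_LEN, QWORD_OFF, 8, &first);
    printf("store touches %zu key byte(s) from key[%zu]\n", n, first);
    printf("bytes changed: %zu\n", simulate(key, 0, after));
    return 0;
}
```

A public key altered after it was generated no longer pairs with the private key held by whoever generated it, which is the reason the article gives for a purchased decryptor being unable to recover the files.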


Copyright of this story solely belongs to theregister.co.uk.