Night Sky Ransomware

Night Sky Ransomware has recently emerged, more exactly on December 28, 2021, making attacks on two large companies, one of them is TGC (Tokyo Computer Service) one of the largest computer companies in Japan and AKIJ Group, one of the largest industrial conglomerates in Blangadesh.

TGC’s servers that were hit by the ransomware contained employee data and other confidential files. According to the group, all the files were encrypted and a portion extracted to be used as blackmail.

Night Sky works in a way we’ve seen in other groups, working as follows, if the victim contacts within 3 days of encryption the ransom amount drops considerably. If the company is unwilling to comply with the group’s requests, the stolen data is leaked on the group’s website.

If there is no communication with the group after a week, the communication account is deactivated, each company attacked has a specific means of communication, usually, communications are made via email (

This ransomware encrypts data from compromised corporate computers using a combination of AES + RSA algorithms and demands a ransom in BTC (Bitcoin) for the decryption key to be released.

Night Sky ransomware spreads via unsecured RDP configurations, spam and malicious email attachments, phishing, fake downloads, botnets, exploits, malicious ads, web injection, fake updates, repackaged and infected installers.

Ransomware Night Sky

Recover Files Encrypted by Night Sky Ransomware

Digital Recovery specialises in recovering data encrypted by ransomware of any length and variant, on any storage device, such as HDDs, SSDs, Databases, Virtual Machines, Storages, Servers, RAID Systems and others.

We have developed our own technologies for data recovery, among them is the Tracer, with which we have achieved good results in data recovery. Besides the Tracer, we have an exclusive technology that allows us to recover encrypted data remotely from anywhere in the world.

In emergency mode our labs work with 24/7 availability, the client decides if they want to activate this recovery mode, in this mode, the duration of the process is drastically reduced.

All our processes have been developed in accordance with the General Data Protection Regulation (GDPR) and we make available to all our clients the confidentiality agreement (NDA).

Start the recovery process now, contact our experts.

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.