Financial Services, Construction & Manufacturing Beware!

Blog Single

Nitrogen Ransomware Hits Financial Firms in UK, US & Canada – Is Australia Next in Line?

A new ransomware strain called Nitrogen is making waves – and not in a good way!

Since showing up in September 2024, it's been actively targeting financial institutions across the US, UK, and Canada, and experts are starting to wonder: Is Australia the next target?

What’s especially worrying about Nitrogen is how quickly it’s evolved. It kicks off attacks using “malvertising” – basically fake ads that show up in search results, tricking users into downloading malware disguised as legit software. Once it gets in, the malware doesn’t just sit there - it uses advanced tools to dig deeper into networks, move laterally, and keep itself alive.

Nitrogen doesn’t stop at just locking up data. It carefully picks out high-value targets and uses sophisticated techniques to avoid detection, like hijacking systems to turn off security tools. That level of stealth is usually seen in nation-state attacks.

So far, it’s hit companies in finance, construction, manufacturing, and tech. Despite the damage, there’s still a lot we don’t know about this group – most public insights come from a single report by StreamScan to date.

However, according to analysts researching Nitrogen, all activity to date points to a coordinated, ongoing operation, not a one-off attack.

How to Protect Against Nitrogen (and Ransomware in General)

Immediate Recommendations:

  • Block malicious domains and IPs known to be linked to Nitrogen.
  • Keep an eye on PowerShell, WMI, and DLL sideloading activity.
  • Educate your staff about phishing and social engineering tricks.
  • Subscribe to threat intel services to proactively hunt for signs of compromise.
  • Use DMARC, DKIM, and SPF to block fake email delivery tactics.
  • Patch vulnerabilities quickly – attackers love out-of-date systems.

Best Practices for All Ransomware Threats:

  • Back up your data regularly – and keep those backups offline. If ransomware hits, backups can mean the difference between recovery and disaster!
  • Use a central patch management system and prioritise updates based on risk.
  • Test your incident response plan If something breaks, how long can you stay operational? What’s the impact if you don’t?
  • Carry out Pen Testing regularly to make sure your defences hold up against real-world attacks.
  • Segment your network. Keep corporate systems separate from critical operations, especially in industries like manufacturing.
  • Train employees to spot phishing emails – it’s still the #1 attack vector!!!
  • Enable multi-factor authentication on anything exposed to the internet. Passwords alone just aren’t enough anymore.

The Bottom Line?

Nitrogen is the latest reminder that ransomware actors are only getting smarter and more aggressive. If your business hasn't updated its defences or undertaken a recent security check, now’s the time!

Speak to our team today – and stay in front of incoming threats!

Call Us Now!

Sources:

https://hackread.com/nitrogen-ransomware-targets-financial-firms-us-uk-canada/

GTIA ISAO – Article by Dylan Roth

https://streamscan.ai/en/ressources/analyse-du-rancongiciel-nitrogen/