NightSpire Extortion Group
Threat Content Highlights
Threat Profiles
- “Trending & Emerging Threats” weekly update: NightSpire Extortion Group
- NightSpire is a new extortion group active in the ransomware ecosystem since early March 2025.
- It is associated with the Rbfs ransomware group and is known for targeting various sectors opportunistically, primarily seeking to exfiltrate sensitive information and monetize through extortion or by selling the victim’s data.
- In April 2025, NightSpire ranked among the top extortion groups that publicly claim victims, a newcomer to this list of top groups.
- NightSpire is notable for emphasizing victim data exfiltration and uses multiple free/publicly available tools to accomplish this objective.
- This Threat Profile includes the TTPs associated with NightSpire operators as well as those supporting tools, including the newly added “Everything” discovery tool.
- Monthly updates to Tidal-curated Threat Profiles: Major & Emerging Ransomware and Extortion Threats, Tidal Trending Techniques, Sector Threat Profiles, Capability Types, & Technology Tags