The fatal error in Nitrogen ransomware: when hackers sabotage themselves

The cyber threat landscape constantly evolves, bringing new risks for companies of every size. Recently, a group of cybercriminals made such a serious technical error that it rendered their own attack useless. This case demonstrates how, sometimes, even malicious actors can fall victim to their own programming mistakes.

The Nitrogen ransomware group, active since 2023 and evolved from components of the notorious Conti malware, developed a variant of its malicious software to target ESXi systems (a type of virtualization infrastructure). However, this variant contains a critical flaw: during execution, a memory overlap causes a variable to overwrite the first four bytes of the public key used to encrypt files. As a result, the public key is corrupted, and because the corrupted key was never derived from a valid private key, the data cannot be decrypted, even if the victim decides to pay the demanded ransom.
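The consequence described above can be reproduced with a small model. This is an added example, not code from the malware or from the cited analyses. The article does not name the real algorithm, so a toy Diffie-Hellman group stands in for it, and the frame offsets and the overlapping variable's size are constructed assumptions.

```python
import hashlib
import struct

# Toy Diffie-Hellman group (assumption: stand-in for the unnamed real scheme).
P = 2**255 - 19
G = 2

KEY_LEN = 32
KEY_OFF = 8   # constructed layout: the public key starts at offset 8
VAR_OFF = 4   # constructed layout: an 8-byte variable at offset 4 overlaps key[0:4]


def public_from_private(priv: int) -> bytes:
    return pow(G, priv, P).to_bytes(KEY_LEN, "little")


def shared_key(peer_pub: bytes, priv: int) -> bytes:
    secret = pow(int.from_bytes(peer_pub, "little"), priv, P)
    return hashlib.sha256(secret.to_bytes(KEY_LEN, "little")).digest()


def load_key_with_overlap(pub: bytes, var_value: int = 0) -> bytes:
    """Copy the key into a frame, then store the overlapping variable."""
    frame = bytearray(KEY_OFF + KEY_LEN)
    frame[KEY_OFF:KEY_OFF + KEY_LEN] = pub
    # The store covers frame bytes 4..11, so it clobbers key bytes 0..3.
    struct.pack_into("<Q", frame, VAR_OFF, var_value)
    return bytes(frame[KEY_OFF:KEY_OFF + KEY_LEN])


def simulate(operator_priv: int, file_priv: int):
    operator_pub = public_from_private(operator_priv)
    used_pub = load_key_with_overlap(operator_pub)    # key actually used
    file_pub = public_from_private(file_priv)         # kept with the file
    k_encrypt = shared_key(used_pub, file_priv)       # key the data is locked under
    k_operator = shared_key(file_pub, operator_priv)  # key a decryptor would derive
    k_intact = shared_key(operator_pub, file_priv)    # key without the bug
    return operator_pub, used_pub, k_encrypt, k_operator, k_intact


if __name__ == "__main__":
    # Constructed sample secrets, for illustration only.
    o = int.from_bytes(hashlib.sha256(b"constructed operator key").digest(), "little")
    f = int.from_bytes(hashlib.sha256(b"constructed per-file key").digest(), "little")
    op, used, ke, ko, ki = simulate(o, f)
    print("intact key :", op[:8].hex(), "...")
    print("used key   :", used[:8].hex(), "...")
    print("decryptor derives the encryption key:", ke == ko)
    print("would have matched without the bug  :", ki == ko)
```

Only four bytes differ between the intact and the used key, yet the key the holder of the private key derives no longer matches the one the data was encrypted under.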

This technical error has important implications. Companies hit by the Nitrogen ransomware find themselves in a paradoxical situation: even if they wanted to give in to the extortionists’ demands, there is no possibility of recovering the encrypted data. Connor Co, an American wholesale trading company, was publicly claimed as a victim on January 27, 2026, but will likely be unable to recover its data due to this defect in the malware.

For organizations, this case underscores the fundamental importance of maintaining regular backups isolated from the main systems. Companies should also deploy up-to-date security solutions, especially to protect critical infrastructure such as ESXi servers. It is also advisable to train staff on threat recognition and incident response procedures.

Key points to remember:
  • The Nitrogen group began extorting organizations around September 2024, but their ransomware contains a critical flaw that makes decryption impossible
  • Paying the ransom in case of an attack with this ransomware is completely useless, as the data cannot be recovered
  • Isolated backups and preventive measures remain the best defense against any type of ransomware

Sources:
https://www.bitdefender.com/en-us/blog/hotforsecurity/nitrogen-ransomware-esxi-bug-no-decryptor
https://www.theregister.com/2026/02/04/nitrogen_ransomware_broken_decryptor/
https://www.dexpose.io/nitrogen-ransomware-targets-connor-co-in-cyberattack/
https://databreaches.net/2026/02/06/nitrogens-ransomware-cant-be-decrypted-even-by-nitrogen/

Source: DataBreaches