Crypto Guest at Dawn Endpoint (Midnight) ransomware analysis

2026-05-20 Ahnlab

https://asec.ahnlab.com/en/93932/


EndPoint, formerly known as Midnight, is a Babuk-derived ransomware family that targets Windows, ESXi, and NAS environments and uses double extortion through encryption and data-leak threats. The malware supports argument-controlled encryption scope, deletes volume shadow copies, stops backup and security services, uses ChaCha20 with custom RSA key protection, and applies partial encryption to improve speed. AhnLab notes that a previously observed ransom note used `[email protected]`, an account identified as used by North Korea-linked threat actors since 2024, but the report stops short of attributing EndPoint itself to a specific DPRK actor. The report provides four MD5 hashes and defensive guidance focused on isolated backups, recovery testing, patching, and strong authentication.

Indicators of Compromise

Type    Value                               First Seen    Last Seen
HASH    e82bcf417f51acc6b2d8a94ceabd5e36    2026-06-02    2026-06-02
HASH    c00cc937e064946ee42776cfe80754d7    2026-06-02    2026-06-02
HASH    b77ad606ba04d2d0077130679a257c96    2026-06-02    2026-06-02
HASH    34be5e70f1260da87096b80dc7b026ac    2026-06-02    2026-06-02
EMAIL   [email protected]                   2026-06-02    2026-06-02
