Ragnar Locker ransomware hits 52 organizations across critical US infrastructure sectors

The Federal Bureau of Investigation (FBI) has announced that the Ragnar Locker ransomware gang has compromised the networks of 52 organizations belonging to several critical US infrastructure sectors. The finding was disclosed in a TLP:WHITE flash alert published on Monday in coordination with the Cybersecurity and Infrastructure Security Agency (CISA).

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by Ragnar Locker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” said the agency.

What is Ragnar Locker ransomware?

Ragnar Locker ransomware was first observed in April 2020. It uses the double extortion tactic: the attackers first exfiltrate the organization's sensitive business data, then encrypt it, and threaten to leak the stolen data if the victim fails to pay the demanded ransom in time. So far, the data of ten victims has been leaked online by the operators.

The Ragnar Locker gang deploys its payload inside a virtual machine image so that the encryption runs in a guest the host's malware detection tools cannot see into. Files are encrypted with the Salsa20 stream cipher, and each file key is in turn encrypted with RSA-2048, so the file keys cannot be recovered without the operators' private key. The actors have also been seen exploiting CVE-2017-0213 (a Windows COM elevation-of-privilege flaw) to gain elevated privileges during the attack.
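The hybrid (envelope) scheme described above, as an added illustration written for this article rather than the malware's own code: a fresh Salsa20 key and nonce per file, the key wrapped with an RSA-2048 public key, and recovery only possible with the matching private key. Salsa20 is implemented here from the published specification, and the RSA part is deliberately textbook RSA without OAEP padding to keep the scheme readable (an assumption for clarity, not a claim about the malware's implementation).

```python
"""Per-file Salsa20 key wrapped with RSA: why a victim cannot decrypt without the
private key. Added example for this article; not code from the ransomware."""
import os
import random
import struct

MASK32 = 0xFFFFFFFF
_rng = random.SystemRandom()   # OS entropy for the prime search


def _rotl(x, n):
    return ((x << n) & MASK32) | (x >> (32 - n))


def _quarter_round(s, a, b, c, d):
    s[b] ^= _rotl((s[a] + s[d]) & MASK32, 7)
    s[c] ^= _rotl((s[b] + s[a]) & MASK32, 9)
    s[d] ^= _rotl((s[c] + s[b]) & MASK32, 13)
    s[a] ^= _rotl((s[d] + s[c]) & MASK32, 18)


def salsa20_block(key, nonce, counter):
    """One 64-byte Salsa20/20 keystream block for a 32-byte key and 8-byte nonce."""
    c = struct.unpack("<4I", b"expand 32-byte k")   # the "sigma" constants
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    state = [c[0], k[0], k[1], k[2], k[3], c[1], n[0], n[1],
             counter & MASK32, (counter >> 32) & MASK32,
             c[2], k[4], k[5], k[6], k[7], c[3]]
    s = state[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        _quarter_round(s, 0, 4, 8, 12)       # column round
        _quarter_round(s, 5, 9, 13, 1)
        _quarter_round(s, 10, 14, 2, 6)
        _quarter_round(s, 15, 3, 7, 11)
        _quarter_round(s, 0, 1, 2, 3)        # row round
        _quarter_round(s, 5, 6, 7, 4)
        _quarter_round(s, 10, 11, 8, 9)
        _quarter_round(s, 15, 12, 13, 14)
    return struct.pack("<16I", *[(x + y) & MASK32 for x, y in zip(s, state)])


def salsa20_xor(key, nonce, data):
    """Encrypt or decrypt (the same operation) by XORing data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = salsa20_block(key, nonce, i // 64)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], block))
    return bytes(out)


def _is_probable_prime(n, rounds=40):
    """Miller-Rabin with a little trial division first."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        if _is_probable_prime(cand):
            return cand


def generate_rsa_keypair(bits=2048):
    """Textbook RSA key pair: returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))   # modular inverse needs Python 3.8+


def encrypt_file_contents(public_key, plaintext):
    """Fresh 256-bit Salsa20 key and 64-bit nonce per file; key wrapped with RSA.
    Returns (wrapped_key, nonce, ciphertext). Only the wrapped key is stored."""
    n, e = public_key
    file_key, nonce = os.urandom(32), os.urandom(8)
    wrapped = pow(int.from_bytes(file_key, "big"), e, n)   # unpadded RSA, for illustration
    return wrapped, nonce, salsa20_xor(file_key, nonce, plaintext)


def decrypt_file_contents(private_key, wrapped_key, nonce, ciphertext):
    """Unwrapping the file key is the only step that needs the private key."""
    n, d = private_key
    file_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    return salsa20_xor(file_key, nonce, ciphertext)


if __name__ == "__main__":
    pub, priv = generate_rsa_keypair(2048)
    doc = b"constructed sample document contents\n" * 4
    wrapped, nonce, ct = encrypt_file_contents(pub, doc)
    print("ciphertext differs from plaintext:", ct != doc)
    print("recovered with private key:", decrypt_file_contents(priv, wrapped, nonce, ct) == doc)
```

The point for defenders is in the last two functions: the per-file key never exists on disk in the clear, and the only copy of it is the RSA-wrapped value, so backups and key escrow, not file recovery from the ciphertext, are the realistic path back.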

Ragnar Locker ransomware attack on 52 US organizations

The actors frequently change their obfuscation techniques and tooling to evade detection and prevention tools.

The flash alert provides indicators of compromise (IOCs) that organizations can use to identify and block Ragnar Locker activity, covering the attack vectors, attacker infrastructure, Bitcoin addresses and email addresses used by the threat actors.

Ragnar Locker ransomware attack vectors

The Ragnar Locker gang has been seen abusing remote monitoring and management (RMM) software such as ConnectWise and Kaseya, the tools MSPs use to control client devices remotely. Because these agents are expected on managed endpoints, the operators can move and deploy ransomware through them without tripping malware detection or making IT admins suspicious. They then carry out the double-extortion play and publish stolen data on their data leak site.
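Two of the tradecraft items on this page (payloads executed inside a virtual machine, and RMM agents turning up where no MSP should be) are hunt-able in ordinary process-creation telemetry, and the IOC list in the alert is most useful when paired with that kind of behavioural check. The script below is an added example for this article, not tooling from the alert: the events are constructed, the VirtualBox and RMM binary names are assumptions about how those products normally appear in Sysmon Event ID 1 or EDR process logs, and the host inventories are placeholders for what a real environment would pull from its CMDB.

```python
"""Hunt process-creation events for hypervisor-hosted payloads and unexpected RMM agents.
Added example for this article; sample events and host lists are constructed."""
import re

# Assumed binary names for the products discussed (not taken from the alert).
VBOX_IMAGES = {"vboxheadless.exe", "virtualbox.exe", "vboxmanage.exe", "vboxsvc.exe"}
RMM_IMAGES = {
    "screenconnect.clientservice.exe": "ConnectWise Control",
    "screenconnect.windowsclient.exe": "ConnectWise Control",
    "agentmon.exe": "Kaseya VSA",
}
VBOX_STD_DIR = "c:\\program files\\oracle\\virtualbox\\"
# Placeholder inventories: hosts allowed to run hypervisors / hosts an MSP manages.
VIRT_HOSTS = {"build01"}
MSP_MANAGED_HOSTS = {"fileserver01"}
# Directories a legitimately installed agent has no business running from.
SUSPECT_DIRS = re.compile(r"\\(temp|tmp|appdata|public|programdata|perflogs)\\", re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return a list of (severity, reason) findings for one process-creation event."""
    img = basename(event["image"])
    host = event["host"].lower()
    path = event["image"].lower()
    findings = []
    if img in VBOX_IMAGES:
        if not path.startswith(VBOX_STD_DIR):
            findings.append(("high", f"VirtualBox binary {img} running from non-standard path {event['image']}"))
        if host not in VIRT_HOSTS:
            findings.append(("high", f"VirtualBox ({img}) started on {host}, not an approved virtualization host"))
    if img in RMM_IMAGES:
        product = RMM_IMAGES[img]
        if host not in MSP_MANAGED_HOSTS:
            findings.append(("medium", f"{product} agent ({img}) running on unmanaged host {host}"))
        if SUSPECT_DIRS.search(path):
            findings.append(("high", f"{product} agent launched from user-writable path {event['image']}"))
    return findings


def hunt(events):
    """Flatten findings across all events as (host, severity, reason) tuples."""
    return [(e["host"], sev, why) for e in events for sev, why in evaluate(e)]


# Constructed sample telemetry (host, image path, command line, parent image).
SAMPLE_EVENTS = [
    {"host": "build01", "image": "C:\\Program Files\\Oracle\\VirtualBox\\VBoxHeadless.exe",
     "command_line": "VBoxHeadless.exe --startvm devbox", "parent": "VirtualBox.exe"},
    {"host": "finance07", "image": "C:\\Users\\Public\\VirtualBox\\VBoxHeadless.exe",
     "command_line": "VBoxHeadless.exe --startvm micro", "parent": "cmd.exe"},
    {"host": "fileserver01",
     "image": "C:\\Program Files (x86)\\ScreenConnect Client (a1b2)\\ScreenConnect.ClientService.exe",
     "command_line": "ScreenConnect.ClientService.exe", "parent": "services.exe"},
    {"host": "hr-ws12", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\ScreenConnect.ClientService.exe",
     "command_line": "ScreenConnect.ClientService.exe", "parent": "powershell.exe"},
    {"host": "hr-ws12", "image": "C:\\Windows\\System32\\notepad.exe",
     "command_line": "notepad.exe", "parent": "explorer.exe"},
]

if __name__ == "__main__":
    for host, severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity.upper()}] {host}: {reason}")
```

In a real deployment the two inventories are the whole game: the rules only work if the list of hosts that may run a hypervisor and the list of hosts under an MSP contract are maintained, which is also the data you need to answer the FBI's "devices targeted" and "attack vector" questions quickly.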

[Screenshot: Ragnar Locker ransomware data leak site]

FBI requests further details from IT professionals

The FBI has also asked IT admins and security professionals to share any Ragnar Locker related information with their local FBI Cyber Squad, including ransom demands and ransom notes, timelines of malicious activity, payload samples, the attack vector, the devices targeted and the vulnerability exploited.

The FBI also shared mitigation procedures to prevent such attacks and asked victims to report ransomware and other similar cyber incidents to their local FBI field office.

Multiple ransomware operators have been targeting organizations worldwide recently, starting with AvosLocker, Babuk and Cuba ransomware last year, followed by the BlackByte ransomware attack on the San Francisco 49ers this year.

It falls to US organizations to work together to understand emerging cyber threats and to build their defenses accordingly, every day.

John Greenwood

He has been working with Cybersec and Infosec market for 12+ years now. Passionate about AI, Cybersecurity, Info security, Blockchain and Machine Learning. When he is not occupied with cybersecurity, he likes to go on bike rides!
