Sunday, January 24, 04:30

FBI: Warns of increased activity of Ragnar Locker ransomware

The FBI Cyber Division warns of increased activity of the Ragnar Locker ransomware.

The emergency warning was issued by the FBI in collaboration with DHS-CISA and provides security professionals and system administrators with information about the ransomware and tips for protecting against it.

"The FBI first spotted Ragnar Locker ransomware in April 2020, when unknown criminals used it to encrypt the files of a large company for a ransom of about $11 million and threatened to leak sensitive corporate data (10 TB in size)," says the FBI.

"Since then, Ragnar Locker ransomware has been used against a long list of victims, including cloud service providers, communications, construction and travel companies, and companies providing enterprise software."


Ragnar Locker ransomware: Tactics

Initially, the gang behind the ransomware explores the victim's network to locate network resources, backups and other sensitive files. The attackers exfiltrate these files so they can threaten the victim with publication if the ransom is not paid. Only after the data has been stolen do they deploy the ransomware payload to encrypt the corporate network.

The Ragnar Locker gang is also known for frequently switching its payload obfuscation techniques to evade detection, for using custom packing algorithms, and for encrypting files from inside Windows XP virtual machines.

The ransomware can also stop services used by managed service providers (MSPs) to manage their clients' networks remotely.

Once these preparatory steps are complete, the Ragnar Locker operators deploy a highly targeted ransomware executable that appends the “RGNR_” extension to the files it encrypts.

The ransomware carries an embedded RSA-2048 key and drops ransom notes. Ragnar Locker ransom notes include the victim's name, a link to the gang's Tor site, and a link to the data leak site where the gang will publish the victim's data if the ransom is not paid.
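As an added illustration, not code from the FBI advisory or the article, the following defender-side triage script checks a directory tree for the two indicators described above: files carrying the “RGNR_” extension and text files containing a Tor (.onion) link, as the ransom notes do. The exact suffix format after “RGNR_”, the .onion regex, the `.txt` note heuristic, and the sample tree it builds are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicator from the advisory: encrypted files carry an "RGNR_" extension.
# The identifier assumed to follow "RGNR_" and the Tor-link pattern used to
# spot candidate ransom notes are both assumptions, not advisory content.
ENCRYPTED_EXT = re.compile(r"\.RGNR_[0-9A-Za-z]*$", re.IGNORECASE)
TOR_LINK = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)


def scan_tree(root):
    """Walk root; return (encrypted_files, candidate_ransom_notes)."""
    encrypted, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if ENCRYPTED_EXT.search(name):
                encrypted.append(path)
                continue
            # Ransom notes are small text files; only those get read.
            if name.lower().endswith(".txt"):
                try:
                    text = Path(path).read_text(errors="ignore")
                except OSError:
                    continue
                if TOR_LINK.search(text):
                    notes.append(path)
    return encrypted, notes


def verdict(encrypted, notes):
    """Classify a scan: both indicators together is the strong signal."""
    if encrypted and notes:
        return "ragnar_locker_indicators"
    if encrypted:
        return "encrypted_extension_only"
    return "clean"


def build_sample_tree():
    """Constructed sample tree for demonstration; not real victim data."""
    root = tempfile.mkdtemp()
    Path(root, "report.docx.RGNR_A1B2C3").write_bytes(b"\x00" * 16)
    Path(root, "budget.xlsx.RGNR_A1B2C3").write_bytes(b"\x00" * 16)
    Path(root, "readme.txt").write_text(
        "Your files are encrypted. Contact us at "
        "exampleexampleexample.onion for the decryption key.\n")
    Path(root, "notes.txt").write_text("Meeting at 10am.\n")
    return root
```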


Attack in Portuguese Energy (EDP)

The FBI did not name the large company that fell victim to Ragnar Locker in April. However, the details match an attack on the Portuguese energy company Energias de Portugal (EDP).

EDP is one of the largest energy providers in Europe and serves around 11 million customers in 19 countries on 4 continents.

The Ragnar Locker gang managed to steal 10 TB of confidential corporate data, some of it relating to contracts with clients and partners. The attackers also stole a database containing login names, passwords, accounts, URLs and notes belonging to EDP staff.

However, an EDP spokesman told BleepingComputer that the attack had no impact on critical infrastructure and the electricity service.

The FBI often issues warnings about various threats. In the last year, it has warned US companies about other ransomware, such as LockerGoga, MegaCortex, Maze, Netwalker and ProLock.

Source: Bleeping Computer

