Criminals discovered victims would be more likely to pay ransoms if they could establish some form of reputability beforehand.
No matter how much work we put into writing this report, before you start reading, make sure your data is backed up safely! Part I: Three preconceived ideas about ransomware Idea #1: Ransomware gangs are gangsĪlong with the rise of big-game hunting in 2020, we saw the emergence of a number of high-profile groups in the ransomware world. And finally, we conclude with a look at two high-profile ransomware brands: REvil and Babuk. Next, we dive deep into the darknet to demonstrate how cybercriminals interact with each other and the types of services they provide. In this report, we take a step back from the day-to-day ransomware news cycle and follow the ripples back into the heart of the ecosystem to understand how it is organized.įirst, we will debunk three preconceived ideas that obstruct proper thinking on the ransomware threat. Yet, much of the media attention ransomware gets is focused on chronicling which companies fall prey to it.
Year after year, the attackers have grown bolder, methodologies have been refined and, of course, systems have been breached. The threat may have been around a long time, but it’s changed. The FBI urges organizations and victims to report ransomware attacks immediately to their local field office rather than paying the ransom to “criminal actors.” Before taking such decisions, executives should weigh all available options to “protect their shareholders, employees, and customers.As the world marks the second Anti-Ransomware Day, there’s no way to deny it: ransomware has become the buzzword in the security community. The attack on Colonial Pipeline and many other high-profile firms validate the claim that threat actors are increasingly targeting these organizations because of their operational significance as they can’t afford downtown and usually give in to the attackers’ demand. In the past few years, critical infrastructure organizations have become a key target of choice for ransomware operators. Ragnar Locker ransomware gang steal 10 TB of data from energy giantĬritical Infrastructure Orgs under Threat.Ragnar Locker ransomware gang using Facebook ads to extort victims.Ragnar Locker ransomware hits Capcom Gaming details leaked.Ragnar Locker ransom note (Image: Blackberry) More Ragnar Locker Ransomware Attacks Moreover, the gang uses the Salsa20 encryption algorithm and RSA-2048 to encrypt file keys and obtains privilege escalation through COM objects by exploiting the CVE-2017-0213 vulnerability. The attackers steal data, encrypt the compromised systems, and threaten their victims to leak the stolen files if they refuse to pay the ransom.Īccording to cyber security researchers, the Ragnar Locker ransomware gang uses a specially designed virtual machine image to execute payload while evading anti-malware detection. The FBI explained that the Ragnar Locker gang excels in double extortion techniques. The gang also joined a ransomware cartel with SunCrypt, Maze, LockBit, and Conti. The infamous group came under the FBI’s radar in April 2020 when the gang influenced the attack tactics of other ransomware groups like Maze. It is speculated that one of the targeted organizations was the high-profile firm Capcom and the attack affected around half a million individuals.
However, the agency didn’t release details of the impacted entities. These include energy, manufacturing, government, information tech, finance, etc. Ten Different Sectors TargetedĪccording to the FBI’s advisory, Ragnar Locker ransomware operators have targeted ten different sectors. On Monday, the Federal Bureau of Investigation (FBI) released a FLASH advisory disclosing that the Ragnar Locker ransomware gang has targeted at least 52 critical infrastructure organizations in America as of January 2022. According to the FBI’s advisory, Ragnar Locker ransomware operators have targeted ten different sectors including energy, manufacturing, government, information tech, finance, etc.