Indicators of Compromise Associated with Ragnar Locker Ransomware
NJCCIC Advisory
Original Release Date: 11/20/2020
Summary
The FBI first observed Ragnar Locker ransomware in April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data. Since then, Ragnar Locker has been deployed against an increasing list of victims, including cloud service providers, communication, construction, travel, and enterprise software companies. The FBI is providing details of Ragnar Locker ransomware to assist with understanding the code and identifying the activity. Ragnar Locker actors first obtain access to a victim’s network and perform reconnaissance to locate network resources, backups, or other sensitive files for data exfiltration. In the final stage of the attack, actors manually deploy the ransomware, encrypting the victim’s data.
This FBI FLASH contains technical details, recommended mitigations, and is being provided to assist cybersecurity professionals guard against the persistent malicious actions of cyber actors.
Reporting
We encourage recipients who discover signs of malicious cyber activity to contact us via the cyber incident report form by clicking here.
Please do not hesitate to contact us at njccic@cyber.nj.gov with any questions. Also, for more background on our recent cybersecurity efforts please visit cyber.nj.gov
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.