Security News > 2020 > November > FBI warns of increasing Ragnar Locker ransomware activity
The U.S. Federal Bureau of Investigation Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020.
Ragnar Locker actors will manually deploy the ransomware payloads to encrypted the victims' systems after a reconnaissance stage to help them discover network resources, company backups, and various other sensitive files to be collected for data exfiltration.
After going through reconnaissance and pre-deployment stages, Ragnar Locker actors drop a highly targeted ransomware executable that adds a custom "RGNR" extension where is a hash of the computer's NETBIOS name.
The Ragnar Locker ransom notes include the victim's company name, a link to the Tor site, and the data leak site where the ransomware gang will publish the victim's data.
During the last year, the FBI has also issued warnings on LockerGoga, MegaCortex, Maze, Netwalker, and ProLock ransomware following a public service announcement regarding high-impact ransomware attacks against public and private U.S. organizations from October 2019.