Ragnar Locker Gang Warns Victims Not to Call the FBI

2021-09-07 22:41

All that the FBI/ransomware negotiators/investigators do is muck things up, so we're going to publish your stuff if you call for help, the Ragnar Locker ransomware gang announced on its darknet data-leak site.

To rub salt into the wounds of the companies that Ragnar Locker preys upon, the gang went on to refer to their victims as "Clients," as if any of their long list of targets had mulled it all over and decided that it was high time to have their files encrypted and their businesses paralyzed and had therefore contracted with the Ragnar Locker group to get the job done.

As the FBI explained in November 2020 in a flash alert about increased Ragnar Locker activity, the operators first get access to a victim's network and then carry out reconnaissance to locate network resources, backups, or other sensitive files they can encrypt and steal.

The ransomware has also been deployed within an attacker's custom Windows XP virtual machine on a target's site, according to the FBI. The alert followed the FBI's first observation of Ragnar Locker in April 2020, when the gang encrypted 10TB of data belonging to an unnamed, large corporation, demanding an $11 million ransom.

At the time, the FBI said that Ragnar Locker was increasingly being thrown at a range of victims, including cloud service providers, communication, construction, travel and enterprise software companies.

November 2020: Italian spirits brand Campari was attacked by a gang that used Ragnar Locker to encrypt most of Campari's servers.

News URL

https://threatpost.com/ragnar-locker-gang-dont-call-fbi-police/169266/

#FBI