FBI: Ranzy Locker ransomware hit at least 30 US companies this year
The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors.
"Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021," the FBI said in a TLP:WHITE flash alert.
Most Ranzy Locker victims who reported attacks told the FBI that the operators breached their networks by brute-forcing Remote Desktop Protocol credentials.
Once inside a victim's network, Ranzy Locker operators will also steal unencrypted documents before encrypting systems on their victims' corporate networks, a tactic used by most other ransomware gangs.
The cybercrime group fixed the bugs and released a new version of their ransomware strain under the Ranzy Locker name.
The FBI alert also provides technical details on the tactics used in Ranzy Locker attacks, recommended mitigations, and indicators of compromise and YARA rules that can be used to detect and defend against such attempts.