Security News > 2022 > March > Ragnar ransomware gang hit 52 critical US orgs, says FBI
The Ragnar Locker ransomware gang has so far infected at least 52 critical infrastructure organizations in America across sectors including manufacturing, energy, financial services, government, and information technology, according to an FBI alert this week.
The crew steals sensitive data, encrypts the victim's systems, and threatens to leak the stolen documents if the ransom to restore the files isn't paid.
To date, Ragnar Locker has posted stolen data from at least ten organizations on its publicity site, according to Acronis.
The Ragnar Locker malware uses Windows API GetLocaleInfoW to identify the infected machine's location.
As the ransomware is deployed, it kills services commonly used by managed service providers to remotely control networks and attempts to silently delete all shadow copies of documents so that users can't recover encrypted files.
Finally, Ragnar Locker encrypts organizations' data.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/09/fbi_says_ragnar_locker_ransomware/
Related news
- US charges operators of cryptomixers linked to ransomware gangs (source)
- FBI wipes Chinese PlugX malware from over 4,000 US computers (source)
- FBI deletes Chinese PlugX malware from thousands of US computers (source)
- All your 8Base are belong to us: Ransomware crew busted in global sting (source)
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware (source)
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)