Cybereason warns global critical infrastructure operators after attacks from Ragnar Locker Ransomware Gang

Cybereason warns global critical infrastructure operators after attacks from Ragnar Locker Ransomware Gang

Cybereason has issued a global Threat Analysis Report investigating the Ragnar Locker ransomware gang and its attacks on networks of global critical infrastructure operators.

Attacks from Ragnar Locker first emerged in 2019, and since its debut hundreds of companies have become victims of their ransomeware attacks. Cybereason has now assessed the threat level of Ragnar Locker ransomware attacks against critical infrastructure operators as HIGH.

After Ragnar Locker carried out more than 50 successful attacks against U.S. critical infrastructure operators, the FBI issued a Flash Advisory earlier this year warning the operators to increase their diligence against possible attacks. Recently, Ragnar Locker claimed responsibility for an attack on DESFA, Greece’s largest natural gas provider.

Ragnar Locker has also been using the double extortion scheme on their victims. Double extortion works when attackers penetrate a victim’s network, steal sensitive information by moving laterally through the organisation and threatening to publish the stolen data unless the ransom demand is paid.

Other key findings of the investigation include:

  • Security Evasion Capabilities: Ragnar Locker checks if specific products are installed, especially security products (antivirus), virtual-based software, backup solutions and IT remote management solutions.
  • Active for Three Years: Ragnar Locker is both a ransomware group and the name of the software in use. They have been running since 2019 and targeting critical industries. They use the double extortion scheme.
  • Excluding the Commonwealth of Independent States: Ragnar Locker avoids being executed from countries since the group is located in the Commonwealth of Independent States (CIS)

For more infromation on Ragnar Locker, read the report from Cybereason here.



Webinar: Upgrade your VMS with facial recognition, 29th Sept – sign up here!