The FBI reports that the Ragnar Locker ransomware gang, one of the more prolific cybercriminal groups, has breached the networks of more than 50 US organizations across several critical infrastructure sectors.
The agency released a "TLP:WHITE" flash alert on Monday, jointly with CISA, that details the indicators of compromise (IOCs) it has collected on the group's activity.
According to the alert, at least 52 US organizations across 10 critical infrastructure sectors have been hit, including entities in the following sectors:
- Manufacturing
- Energy
- Financial services
- Government
- Information technology
To avoid detection, the operators of Ragnar Locker frequently change the obfuscation techniques applied to their payload, so a signature written for one sample is unlikely to match the next.
The FBI says the flash alert deliberately focuses on IOCs so that affected organizations, and others, can use them to detect and block further Ragnar Locker activity.
The IOCs published for Ragnar Locker cover:
- Affected infrastructure
- Bitcoin addresses used
- Email addresses used
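The practical use of such a list is to sweep it across what you already have: ransom notes left on hosts, mail logs, firewall and proxy logs. The script below is an added example (not part of the FBI alert or this article) that extracts candidate emails, bitcoin addresses, IPs and domains from text artifacts and reports the ones that appear in an IOC list. Every indicator and log line in it is constructed for the demonstration; the real values must be taken from the alert itself.

```python
"""Sweep text artifacts (ransom notes, exported logs) for a list of IOCs.

Added example, not from the FBI flash alert. All IOC values, file names and
log lines below are constructed placeholders.
"""
import re
from dataclasses import dataclass

# Constructed placeholder IOCs; replace with the lists published in the alert.
IOCS = {
    "email":   {"recovery@ragnar-example.invalid", "helpdesk@ragnar-example.invalid"},
    "bitcoin": {"1FakeRagnarSampAddrzzzzzzzzzz", "bc1qfakeragnarsampleaddress0000000000000000"},
    "ip":      {"203.0.113.45"},              # TEST-NET-3 documentation range
    "domain":  {"ragnar-example.invalid"},
}

# Loose candidate extractors. They over-match on purpose: the IOC list is the
# authority, the regexes only pull plausible tokens out of free text.
PATTERNS = {
    "email":   re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "bitcoin": re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})\b"),
    "ip":      re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain":  re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
}


@dataclass(frozen=True)
class Hit:
    ioc_type: str
    value: str
    source: str
    line_no: int


def normalise(ioc_type, token):
    # Bitcoin addresses are case-sensitive (base58); emails, domains and IPs are not.
    return token if ioc_type == "bitcoin" else token.lower()


def sweep(iocs, sources):
    """sources: {artifact_name: text}. Returns de-duplicated hits in the order found."""
    wanted = {t: {normalise(t, v) for v in vals} for t, vals in iocs.items()}
    hits, seen = [], set()
    for name, text in sources.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for ioc_type, pattern in PATTERNS.items():
                for token in pattern.findall(line):
                    value = normalise(ioc_type, token)
                    if value in wanted.get(ioc_type, ()):
                        hit = Hit(ioc_type, value, name, line_no)
                        if hit not in seen:
                            seen.add(hit)
                            hits.append(hit)
    return hits


# Constructed artifacts: a ransom note and two exported log fragments.
SAMPLE_SOURCES = {
    "RGNR_README.txt": (
        "Your files are encrypted.\n"
        "Contact recovery@ragnar-example.invalid with your ID.\n"
        "Pay to 1FakeRagnarSampAddrzzzzzzzzzz within 72 hours.\n"
    ),
    "firewall.log": (
        "2022-03-07T01:12:03Z ALLOW tcp 10.0.4.21:51022 -> 203.0.113.45:443\n"
        "2022-03-07T01:12:09Z ALLOW tcp 10.0.4.21:51030 -> 198.51.100.7:443\n"
    ),
    "mail.log": (
        "2022-03-07T01:15:44Z from=<HelpDesk@Ragnar-Example.invalid> to=<cfo@corp.test> subject=Invoice\n"
    ),
}

if __name__ == "__main__":
    for h in sweep(IOCS, SAMPLE_SOURCES):
        print(f"{h.source}:{h.line_no} {h.ioc_type} {h.value}")
```

Matching is done after normalisation (lower-casing everything except bitcoin addresses) so that a mixed-case sender address in a mail log still hits. A domain IOC also fires on the domain part of a matching email, which is intended: the two are separate indicators and a hit on either is worth a ticket.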
Info & Data Request
The FBI first became aware of Ragnar Locker in April 2020; the earliest observed Ragnar Locker payloads date from late December 2019.
The FBI and security experts advise against paying the ransom: payment encourages other threat actors to target more organizations and funds further illicit activity.
Even after the ransom is paid, there is no guarantee that the encrypted data will be recovered.
For that reason, the FBI has asked security teams and system administrators to share every piece of data they have on Ragnar Locker activity.
The information requested includes:
- Copies of the ransom notes
- Ransom demands
- Malicious activity timelines
- Payload samples
The alert also recommends the following mitigations:
- Keep offline backups of critical data.
- Keep copies of critical data in the cloud or on an external drive, and make sure those copies cannot be modified or deleted from the network they back up; ransomware operators routinely destroy any backups they can reach before encrypting.
- Use multi-factor authentication wherever it is available, especially for remote access.
- Keep operating systems and installed software up to date.
- Disable unused remote access and RDP ports, and monitor remote access and RDP logs for unexpected logons.
- Implement network segmentation so that a compromised host cannot reach the whole network.
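"Monitor RDP logs" is the mitigation on that list that most teams leave vague, so here is an added example (not from the alert or this article) of what the monitoring can actually look like. It reads a constructed CSV export of Windows Security events and raises alerts for three things: a burst of failed RDP logons from one source, a successful RDP logon that follows such a burst, and a successful RDP logon from a network that segmentation says should never reach RDP. The allowlisted subnet, threshold and sample events are all assumptions made for the demonstration.

```python
"""Flag suspicious RDP logons in an exported Windows Security log.

Added example, not from the FBI alert. Input is a constructed CSV export with
the columns: timestamp, event_id, logon_type, user, source_ip. Event 4625 is a
failed logon, 4624 a successful one; logon type 10 is RemoteInteractive (RDP).
"""
import csv
import io
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

RDP_LOGON_TYPE = "10"
FAIL_THRESHOLD = 5                # failures from one source inside WINDOW
WINDOW = timedelta(minutes=5)
# Hypothetical allowlist: the only network that should reach RDP after
# segmentation (e.g. a VPN pool or jump-host subnet).
ALLOWED_RDP_SOURCES = [ip_network("10.0.50.0/24")]


@dataclass(frozen=True)
class Alert:
    rule: str
    source_ip: str
    user: str
    timestamp: str


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def source_allowed(ip):
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED_RDP_SOURCES)


def analyse(csv_text):
    """Return alerts in the order their triggering events appear."""
    failures = defaultdict(deque)   # source_ip -> timestamps of recent 4625s
    flagged = set()                 # sources already reported for the current burst
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["logon_type"] != RDP_LOGON_TYPE:
            continue                # only RemoteInteractive logons matter here
        ts = parse_ts(row["timestamp"])
        src, user = row["source_ip"], row["user"]
        recent = failures[src]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # slide the window
        if not recent:
            flagged.discard(src)    # burst has aged out; a new one may alert again
        if row["event_id"] == "4625":
            recent.append(ts)
            if len(recent) >= FAIL_THRESHOLD and src not in flagged:
                flagged.add(src)
                alerts.append(Alert("rdp_bruteforce", src, user, row["timestamp"]))
        elif row["event_id"] == "4624":
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append(Alert("success_after_bruteforce", src, user, row["timestamp"]))
            if not source_allowed(src):
                alerts.append(Alert("rdp_from_unexpected_source", src, user, row["timestamp"]))
    return alerts


# Constructed export: a password spray from the internet that ends in a valid
# logon, a normal logon from the jump-host subnet, and a non-RDP logon.
SAMPLE_LOG = """timestamp,event_id,logon_type,user,source_ip
2022-03-07T01:00:01Z,4625,10,administrator,198.51.100.23
2022-03-07T01:00:03Z,4625,10,administrator,198.51.100.23
2022-03-07T01:00:05Z,4625,10,admin,198.51.100.23
2022-03-07T01:00:08Z,4625,10,backup,198.51.100.23
2022-03-07T01:00:10Z,4625,10,itadmin,198.51.100.23
2022-03-07T01:00:14Z,4624,10,itadmin,198.51.100.23
2022-03-07T01:30:00Z,4624,10,jsmith,10.0.50.12
2022-03-07T02:00:00Z,4625,10,jsmith,10.0.50.12
2022-03-07T02:10:00Z,4624,3,svc-backup,10.0.7.9
"""

if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(f"{a.timestamp} {a.rule} user={a.user} src={a.source_ip}")
```

The allowlist check is what turns "implement network segmentation" into something you can verify from logs: once RDP is only reachable from a jump-host subnet, any successful type 10 logon from elsewhere is either a firewall gap or an attacker. One caveat for production use: on hosts with Network Level Authentication enabled, failed RDP attempts are frequently recorded as 4625 with logon type 3 rather than 10, so a real rule should also count those, and the TerminalServices-RemoteConnectionManager log (event 1149) is a second source of successful connection records.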