<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="margin:0px;font-size:14.67px">Hello,</span></span><span style="background-color:rgb(255, 255, 255);display:inline !important"></span>
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black"><span style="margin:0px;background-color:white"></span>
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black"><span style="margin:0px;background-color:white"></span>
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black"><span style="margin:0px;background-color:white"></span>
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:14.67px;background-color:white">I hope everyone is doing well!</div>
<div style="margin:0px;font-size:14.67px;background-color:white"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white">Below is the entry for today.</div>
<div style="margin:0px;font-size:14.67px;background-color:white"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white">10/28/2021 - Diary entry #379<br>
<br>
</div>
<blockquote style="font-size:14.67px;background-color:white;margin-top:0px;margin-bottom:0px">
Ranzy Locker is yet another ransomware operating under the double-extortion model. Before encrypting the data, Ranzy operators exfiltrate sensitive data and threaten to publish it on Ranzy Leak, their wall-of-shame, if the ransom is not paid. Ranzy is actually
 a rebrand of ThunderX ransomware, active since 2020. Curiously, Ranzy's wall-of-shame URL is the same one used by AKO Ransomware (a.k.a. MedusaLocker), active from 2019 to 2020.
<div><br>
</div>
<div>It's easy to spot files affected by Ranzy Locker, as the malware appends the .ranzy extension to every affected file. The files are encrypted with a well-known combination of AES + RSA, used by multiple ransomware families covered in our Daily Diaries.</div>
<div><br>
</div>
<div>This week, on October 25th, the FBI published a "flash alert" about Ranzy Locker. According to the advisory, in July this year, more than 30 US-based companies had been hit by Ranzy. The alert also mentions that the majority of attacks used brute-forced RDP
 credentials as an infection vector.</div>
<div><br>
</div>
<div>Our team found the URLs used by Ranzy Locker. Besides a server located in the TOR network (.onion domains), as commonly used by most ransomware families, Ranzy also had a .hk domain, presented in the ransom note for victims to negotiate the ransom payment.
 Today, October 28th, all Ranzy Locker domains, including Ranzy Leak, are offline. It's not clear whether this is temporary, as the group might have shut down their servers to avoid unwanted attention, or whether it's a result of the recent international efforts to fight
 ransomware.</div>
<div style="margin:0px"><br>
</div>
</blockquote>
<span style="margin:0px;font-size:14.67px;background-color:white">Kind Regards,</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div></div>
<div></div>
<div></div>
<div></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<table style="font-family:'Times New Roman'; font-size:medium; text-align:start">
<tbody>
<tr>
<td width="180" align="left" style="width:180px">
<table width="120" align="left">
<tbody>
<tr>
<td colspan="3" align="center"><a href="https://www.appgate.com/"><img alt="" width="120" height="30" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png"></a></td>
</tr>
<tr>
<td colspan="3" align="center"> </td>
</tr>
<tr>
<td width="37%" align="center"><a href="https://www.linkedin.com/company/appgate-security/"><img width="18" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png"></a></td>
<td width="28%"><a href="https://twitter.com/AppgateSecurity"><img width="20" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png"></a></td>
<td width="35%"><a href="https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ"><img width="26" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png"></a></td>
</tr>
</tbody>
</table>
<p> </p>
</td>
<td width="350" colspan="2" rowspan="2" style="width:350px">
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
<strong>Felipe Duarte Domingues</strong><br>
Security Researcher<br>
<strong>Appgate</strong></p>
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
E:<span> </span><font color="#228ebe"><a href="mailto:felipe.duarte@appgate.com" title="mailto:felipe.duarte@appgate.com">felipe.duarte@appgate.com</a></font><br>
O: <span style="background-color:rgb(255,255,255); display:inline!important">+55 19 98840 2509</span></p>
</td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
</div>
</div>
</body>
</html>