[MART] - Daily Diary #468 - Ragnar Locker Ransomware

CTAS-MAT ctas-mat at appgate.com
Fri Mar 11 21:26:05 UTC 2022

I hope everyone is doing well!

Below is the entry for today.

03/11/2022 - Diary entry #468

Covered in our Daily Diaries #466 and #15, Ragnar Locker is a Ransomware family that operates under the RaaS (Ransomware-as-a-Service) business model.

To decrypt your files, Ragnar demands a ransom within 14 days after the encryption. If it's not paid, the encryption price doubles. And after 21 days, the decryption key will be permanently deleted. The ransom note, dropped as a text file in each affected directory, also threatens to publish/sell stolen data from their victims. Before encrypting the device, Ragnar Locker terminates security and monitoring solutions running in the machine, so that its attack is not detected or interrupted.

We do not recommend anyone affected to pay the ransom, as it's no guarantee that the decryption will work and the stolen data deleted. Besides, it finance and motivates new attacks. Instead, we recommend adopting a ZeroTrust mindset, maintaining offline backups, up-to-date security solutions, multi-factor authentication and network segmentation, minimizing the chances and damages of threats similar to Ragnar.

Kind Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220311/90a498c6/attachment.htm>

More information about the MART mailing list