On Monday 7th of March 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert revealing that the RagnarLocker ransomware gang has breached the networks of at least 52 organizations across 10 critical infrastructure sectors. The affected sectors include “entities in the critical manufacturing, energy, financial services, government, and information technology sectors”.
This flash alert was released in coordination with CISA with the goal of providing key cyber threat information to help security professionals and organisations detect and counter ransomware attack attempts from the RagnarLocker ransomware gang.
The alert also revealed that “RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.” A common trend that has been identified is that RagnarLocker operators iterate through all running services on the target machines and terminate remote management software commonly used by managed service providers (MSPs) to administer systems and networks remotely.
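The service-termination behaviour described above can be hunted for in Windows service state-change events. The following is an added example, not code from the alert or from this page: it flags any host where several watched remote-management services stop within a short window. The watchlist names, the log line layout, the 60-second window and the threshold are all assumptions; the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: display names of the remote-management services you run.
# Placeholder names, not taken from the FBI alert.
RMM_WATCHLIST = {"example rmm agent", "example remote support"}
WINDOW = timedelta(seconds=60)   # assumed burst window
THRESHOLD = 2                    # distinct watched services stopped in WINDOW

# Constructed line layout; message text follows Service Control Manager event 7036.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=7036 "
    r"The (?P<svc>.+) service entered the (?P<state>\w+) state\.$"
)

# Constructed sample events, not real telemetry.
SAMPLE_LOG = """\
2022-03-07T10:00:01 WS-01 EventID=7036 The Print Spooler service entered the stopped state.
2022-03-07T10:00:02 WS-01 EventID=7036 The Example RMM Agent service entered the stopped state.
2022-03-07T10:00:05 WS-01 EventID=7036 The Example Remote Support service entered the stopped state.
2022-03-07T10:05:00 WS-02 EventID=7036 The Example RMM Agent service entered the stopped state.
2022-03-07T10:05:30 WS-02 EventID=7036 The Example RMM Agent service entered the running state.
2022-03-07T10:15:00 WS-02 EventID=7036 The Example Remote Support service entered the stopped state.
"""

def parse(lines):
    """Yield (timestamp, host, service) for every 'stopped' state change."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["state"] == "stopped":
            yield datetime.fromisoformat(m["ts"]), m["host"], m["svc"].lower()

def find_bursts(lines):
    """Return {host: [services]} where THRESHOLD watched services stopped within WINDOW."""
    per_host = defaultdict(list)
    for ts, host, svc in sorted(parse(lines)):
        if svc in RMM_WATCHLIST:
            per_host[host].append((ts, svc))
    alerts = {}
    for host, events in per_host.items():
        for i, (start, _) in enumerate(events):
            in_window = {s for t, s in events[i:] if t - start <= WINDOW}
            if len(in_window) >= THRESHOLD:
                alerts[host] = sorted(in_window)
                break
    return alerts

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG.splitlines()))
```

WS-02 stops the same two services ten minutes apart and is not flagged; tune the window and threshold against your own maintenance patterns.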
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.