On Monday, 25th of October 2021, the United States Federal Bureau of Investigation (FBI) announced that Ranzy Locker ransomware operators had compromised at least 30 US companies this year across various industry sectors. In a TLP:WHITE flash alert, the FBI states that the victims of the Ranzy Locker ransomware attacks included “the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”
The flash alert was released in coordination with CISA, with the goal of providing key cyber threat information to help security professionals and organisations detect and counter ransomware attack attempts from the Ranzy Locker gang.
Most reports filed with the FBI by Ranzy Locker victims follow the same trend: the ransomware operators gained access through brute force attacks targeting Remote Desktop Protocol (RDP) credentials. Recent reports also indicate that the operators are leveraging known Microsoft Exchange Server vulnerabilities and phishing as means of compromising victims' networks.