FBI: Ransomware gang breached 52 US critical infrastructure orgs



FBI-logo-webThe US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors.

Bleeping computer reported this was revealed in a joint TLP:WHITE flash alert published on Monday in coordination with the Cybersecurity and Infrastructure Security Agency.

"As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors," the federal law enforcement agency said [PDF].

"RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention." The flash alert focuses on providing Indicators Of Compromise (IOCs) organizations can use to detect and block Ragnar Locker ransomware attacks.

IOCs associated with Ragnar Locker activity include info on attack infrastructure, Bitcoin addresses used to collect ransom demands, and email addresses used by the gang's operators. Although the FBI first became aware of Ragnar Locker in April 2020, Ragnar Locker ransomware payloads were first observed in attacks months before, during late December 2019.

Ragnar Locker operators terminate remote management software (e.g., ConnectWise, Kaseya) used by managed service providers (MSPs) to manage clients' systems remotely on compromised enterprise endpoints. This allows the threat actors to evade detection and make sure remotely logged-in admins do not interfere with or block the ransomware deployment process.

Request for info linked to Ragnar Locker attacks

The FBI asked admins and security professionals who detect Ragnar Locker activity to share any related information with their local FBI Cyber Squad. Useful info that would help identify the threat actors behind this ransomware gang includes copies of the ransom notes, ransom demands, malicious activity timelines, payload samples, and more.

The FBI added that it doesn't encourage paying Ragnar Locker ransoms since victims have no guarantee that paying will prevent leaks of stolen data or future attacks. Instead, ransom payments will further motivate the ransomware gang to target even more victims and incentivizes other cybercrime operations to join in and launch their own ransomware attacks.

However, the federal agency did recognize the damage inflicted to businesses by ransomware attacks, which may force executives to pay ransoms and protect shareholders, customers, or employees. The FBI also shared mitigation measures to block such attacks and strongly urged victims to report such incidents to their local FBI field office.

This was cross-posted with grateful acknowledgement to Bleepingcomputer


A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks; taking time to maximize your organization’s potential damage and their payoff. Protecting your network from this growing threat is more important than ever

RogerMasterClass-FeatureImage (1) (1)
Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4,  for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware. You'll learn:

  • How to detect ransomware programs, even those that are highly stealthy 
  • Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)
  • The policies, technical controls, and education you need to stop ransomware in its tracks
  • Why good backups (even offline backups) no longer save you from ransomware

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/ransomware-master-class

Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews