Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Ragnar Locker - Ransomware

The ransomware will perform reconnaissance on the targeted network, exfiltrate sensitive information, and then notify the victim the files will be released to the public if the ransom is not paid. The threat actor behind the malware is known to demand hundreds of thousands of dollars and creates a ransom note that includes the company name. The ransomware targets remote management software used by managed service providers and enumerates all running services on the infected host and stop services that contain a specific string. In May 2020 it was discovered the malware used a new defense evasion technique by installing a full virtual machine on each targeted system.
Name Modified Date Sources
Ragnar Locker - Ransomware 2020-05-21