Ragnar Locker - Ransomware
The ransomware performs reconnaissance on the targeted network, exfiltrates sensitive information, and then notifies the victim that the files will be released to the public if the ransom is not paid. The threat actor behind the malware is known to demand hundreds of thousands of dollars and creates a ransom note that includes the company name. The ransomware targets remote management software used by managed service providers; it enumerates all running services on the infected host and stops services that contain a specific string. In May 2020, it was discovered that the malware used a new defense evasion technique: installing a full virtual machine on each targeted system.