Ragnar Locker

Malware Profile Updated 7 days ago
Ragnar Locker is a type of malware, specifically ransomware, which has been used in numerous cyber attacks globally. This malicious software infiltrates systems through suspicious downloads, emails, or websites and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, the Ragnar Locker gang was responsible for a significant breach at Israel's Mayanei Hayeshua hospital, where they stole and subsequently leaked sensitive data.

In response to these illicit activities, an international law enforcement operation was launched to dismantle the Ragnar Locker operation. The operation successfully seized the group's infrastructure, significantly crippling their ability to continue their cyber criminal activities. This collaborative effort involved multiple agencies and demonstrated the global commitment to combating the growing threat of ransomware attacks.

The culmination of this operation was the arrest of the alleged developer of the Ragnar Locker ransomware. This significant breakthrough marked a major step forward in the ongoing fight against cyber crime. The arrest not only disrupted the operations of the Ragnar Locker gang but also sent a clear message to other potential cyber criminals about the serious consequences of engaging in such activities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Locker Ransomware | 1 | Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve |
| Ransomedsupport | 1 | None |
| Raznatovicadmin | 1 | None |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Data Leak
Locker
Ransom
Extortion
Phishing
Europol
Linux
Malware
Medical
Payload
France
WinRAR
Zero Day
Proxy
Police
Exploits
Encryption
Encrypt
Botnet
Esxi
Israel
Curl
Israeli
Sophos
Malwarebytes
RaaS
Cybercrime
Exploit
Vulnerability
Windows
Ransomware P...
Bitcoin
Cyberscoop
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 3 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to steal data or disrupt operations, often demanding ransom in return for the release of the compromised data. Notable incidents include the LockBit ransomware gang claiming to have stolen and subsequently leaking data f |
| Conti | Unspecified | 3 | Conti is a type of malware, specifically ransomware, which was designed to infiltrate systems, disrupt operations, and potentially hold data hostage for ransom. The malware has been used by various threat actors, including ITG23, who have utilized it alongside other malicious software such as Trickb |
| Hive | Unspecified | 3 | Hive, a notorious malware known for its destructive capabilities, has been used by cybercriminals to exploit and damage computer systems. One such instance involved the infamous Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive data to crack passwords offline. This malicious software w |
| Maze | Unspecified | 2 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| Revil/sodinokibi | Unspecified | 2 | REvil/Sodinokibi is a type of malware, specifically ransomware, first identified on September 24, 2019. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, |
| Babuk | Unspecified | 1 | Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, often leading to significant disruptions in operations. A notable instance of Babuk's destructive capabilities occurred on December 7th, when a printing company fell prey to the ransomware. The |
| Ryuk | Unspecified | 1 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Ragnarlocker | Unspecified | 1 | RagnarLocker is a type of malware, specifically ransomware, which first emerged in 2021. It is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostag |
| Doppelpaymer | Unspecified | 1 | DoppelPaymer is a form of malware, specifically ransomware, known for its high-profile attacks on large organizations and municipalities. Originally based on the BitPaymer ransomware, DoppelPaymer was reworked and renamed by the threat group GOLD HERON, after initially being operated by GOLD DRAKE. |
| QakBot | Unspecified | 1 | Qakbot, also known as QBot, is a versatile piece of malware capable of executing several malicious activities such as brute-forcing, web injects, and loading other types of malware. It's often used to steal credentials and gather information, with the cybercriminal group Black Basta being one notabl |
| Monti | Unspecified | 1 | The Monti ransomware group emerged in June 2022, shortly after the shutdown of operations by the Conti ransomware gang. Monti initially drew attention by mimicking the tactics of the Conti group, even employing its leaked source code to develop their own encryptor. The malicious software is known fo |
| Clop | Unspecified | 1 | Clop is a notorious malware, short for malicious software, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Clop can steal personal information, disrupt operations, or h |
| Qbot | Unspecified | 1 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| Black Basta | Unspecified | 1 | Black Basta is a notorious malware group known for its malicious software, specifically ransomware attacks. Since early 2022, the Black Basta Ransomware gang has been actively involved in cybercrimes, amassing at least $107 million in Bitcoin ransom payments. The group's modus operandi involves expl |
| Maze Ransomware | Unspecified | 1 | Maze ransomware is a type of malware that emerged in 2019, employing a double extortion tactic to wreak havoc on its victims. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for |
| Grief | Unspecified | 1 | Grief is a malicious software, or malware, known for its destructive capabilities to exploit and damage computer systems. It infiltrates unsuspecting users' devices through suspicious downloads, emails, or websites, often without their knowledge. Once inside a system, Grief can steal personal inform |
| Trigona | Unspecified | 1 | Trigona, a notable ransomware strain first identified in 2022, is a type of malicious software designed to infiltrate systems and hold data hostage for ransom. Its operations gained significant attention in 2023, as it emerged as a prominent threat in the cybersecurity landscape. Trigona had a uniqu |
| TrickBot | Unspecified | 1 | TrickBot is a form of malware, or malicious software, that infiltrates systems to exploit and damage them. It can enter your system via dubious downloads, emails, or websites, often without the user's knowledge. Once inside, TrickBot can steal personal information, disrupt operations, or even hold d |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Alphv | Unspecified | 4 | AlphV, a notorious threat actor in the cybersecurity industry, has been responsible for numerous high-profile ransomware attacks. The group's activities include the theft of 5TB of data from Morrison Community Hospital and hacking Clarion, a global manufacturer of audio and video equipment for cars. |
| DarkSide | Unspecified | 3 | DarkSide is a notorious threat actor known for its malicious activities involving ransomware attacks. The group gained significant notoriety in 2021 when it attacked the largest oil pipeline in the United States, leading to a temporary halt of all operations for three days. This incident, along with |
| Syssphinx | Unspecified | 2 | Syssphinx, also known as FIN8, is a threat actor that has been active since 2016. This group is known for taking extended breaks between attack campaigns to refine its tactics, techniques, and procedures (TTPs). For instance, Syssphinx had used backdoor malware called Badhatch in attacks since 2019, |
| FIN8 | Unspecified | 2 | FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. |
| White Rabbit | Unspecified | 2 | White Rabbit is a notable threat actor in the cybersecurity landscape, known for its malicious activities and association with other prominent hacking groups. The group's name, derived from the character in Alice's Adventures in Quantum Wonderland, signifies its unique approach to cyber attacks. In |
| Vice Society | Unspecified | 1 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| Hive Ransomware | Unspecified | 1 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January |
| Bianlian | Unspecified | 1 | BianLian is a significant threat actor in the cybersecurity landscape, known for executing actions with malicious intent. Recently, they have been exploiting vulnerabilities in JetBrains TeamCity, leading to a series of ransomware attacks. These bugs in JetBrains TeamCity software have provided an e |
| RansomedVC | Unspecified | 1 | RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2023-34039 | Unspecified | 1 | CVE-2023-34039 is a critical vulnerability identified in VMware's Aria Operations for Networks, a software analysis tool. This flaw, rated 9.8 (critical) on the Common Vulnerability Scoring System (CVSS version 3), is an authentication bypass bug caused by a lack of unique cryptographic key generati |
| CVE-2023-20269 | Unspecified | 1 | CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of |
Source Document References
Information about the Ragnar Locker Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 7 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | 14 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 21 days ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini |
| CERT-EU | 4 months ago | D#NUT ransomware gang claims Ready or Not dev Void Interactive as a victim \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini |
| CERT-EU | 4 months ago | LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition \| #cybercrime \| #infosec \| National Cyber Security Consulting |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini |
| DARKReading | 5 months ago | LockBit's Leak Site Reemerges, a Week After 'Complete Compromise' |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 460 by Pierluigi Paganini |
| DARKReading | 5 months ago | Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 459 by Pierluigi Paganini |