Ragnar Locker

Malware updated 3 months ago (2024-08-13T10:18:19.283Z)
Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

The Ragnar Locker ransomware has been associated with significant breaches, including the attack on Israel's Mayanei Hayeshua hospital, where sensitive data was leaked. It was also used in an attack that breached a company's VMware ESXi hypervisors, resulting in the freezing of the systems and the theft of a reported 27 terabytes of data.

Law enforcement agencies have arrested the alleged developer of the Ragnar Locker ransomware. The arrest was part of a broader operation that resulted in the seizure of the Ragnar Locker group's infrastructure. These actions indicate increasing international collaboration among law enforcement agencies to combat cybercrime. Over the past year, these cooperative efforts have led to major disruptions in the activities of cybercriminals: alongside the takedown of the Ragnar Locker operation, law enforcement agencies worldwide have worked together to disrupt the Qakbot malware and dismantle a global network of computers infected by the decades-old Snake malware.
Description last updated: 2024-08-13T10:16:36.846Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Data Leak
Locker
Ransom
Extortion
Malware
Europol
Payload
Phishing
Medical
Linux
Esxi
Police
Associated Malware
Alias Description | Association Type | Votes
The Conti Malware is associated with Ragnar Locker. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | Unspecified | 3
The Hive Malware is associated with Ragnar Locker. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | Unspecified | 3
The Lockbit Malware is associated with Ragnar Locker. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit | Unspecified | 3
The Babuk Malware is associated with Ragnar Locker. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | Unspecified | 2
The QakBot Malware is associated with Ragnar Locker. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d | Unspecified | 2
The Maze Malware is associated with Ragnar Locker. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Alphv Threat Actor is associated with Ragnar Locker. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB | Unspecified | 4
The DarkSide Threat Actor is associated with Ragnar Locker. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 3
The FIN8 Threat Actor is associated with Ragnar Locker. FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. | Unspecified | 2
The White Rabbit Threat Actor is associated with Ragnar Locker. White Rabbit is a notable threat actor in the cybersecurity landscape, known for its malicious activities and association with other prominent hacking groups. The group's name, derived from the character in Alice's Adventures in Quantum Wonderland, signifies its unique approach to cyber attacks. In | Unspecified | 2
The Syssphinx Threat Actor is associated with Ragnar Locker. Syssphinx, also known as FIN8, is a threat actor that has been active since 2016. This group is known for taking extended breaks between attack campaigns to refine its tactics, techniques, and procedures (TTPs). For instance, Syssphinx had used backdoor malware called Badhatch in attacks since 2019, | Unspecified | 2
Source Document References
Information about the Ragnar Locker Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link | Created At
InfoSecurity-magazine | 3 months ago
Securityaffairs | 3 months ago
Securityaffairs | 4 months ago
DARKReading | 4 months ago
CERT-EU | a year ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 6 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago
CERT-EU | 8 months ago