Ragnarlocker

Malware Profile Updated 3 months ago
RagnarLocker is a type of malware, specifically ransomware, which first emerged in 2021. It is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. The ransomware has been observed being transferred over HTTP/S and also sent via email as a compressed attachment. Researchers have linked the ransomware used in this attack to the RagnarLocker Linux ransomware. In 2023, significant efforts were made by international law enforcement agencies including Interpol, the FBI, and Europol to dismantle cybercriminal networks. Operations against groups like REvil, Hive, Qakbot, and RagnarLocker were part of these concerted efforts. In October, RagnarLocker had its dark web portal seized by police led by Europol. This followed the demise of Hive at the start of the year and partial success in attempts to end AlphV/BlackCat in December. Despite these takedowns, the impact on the wider scale has been minimal. The cyber extortion ecosystem has become so sophisticated that it is operationally more effective than the law enforcement agencies tasked with disrupting it. Orange noted that even though 2023 saw significant takedowns of some prominent gangs – Hive in January and RagnarLocker more recently – such actions have had little impact overall. In October, law enforcement also took down Trigona, removing them from the threat actor landscape alongside RagnarLocker.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Linux
Encryption
Encrypt
Malware
Medical
Eu
Data Leak
Locker
Esxi
Windows
Ransom
Extortion
Associated Malware
ID (Type, Votes): Profile Description
Trigona (Unspecified, 1): Trigona, a malware identified in 2022, emerged as a significant ransomware threat. This malicious software, designed to exploit and damage computer systems, infected devices through suspicious downloads, emails, or websites. The malware was particularly notorious for targeting Microsoft SQL servers,
Ragnar Locker (Unspecified, 1): Ragnar Locker is a type of malware, specifically a ransomware, that has been designed to infiltrate computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites and once inside, it has the capability to steal personal information, disru
Babuk (Unspecified, 1): Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso
Lokilocker (Unspecified, 1): LokiLocker is a unique and sophisticated form of malware, specifically a ransomware variant. Ransomware is a type of malicious software that infiltrates systems, often without the user's knowledge, through suspicious downloads, emails, or websites. Once inside, it can disrupt operations, steal perso
Hive (Unspecified, 1): Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef
QakBot (Unspecified, 1): Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e
Associated Threat Actors
ID (Type, Votes): Profile Description
Alphv (Unspecified, 1): AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
RansomedVC (Unspecified, 1): RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ragnarlocker Malware was read from the documents corpus below. This display is limited to 20 results.
Source (CreatedAt): Title
CERT-EU (10 months ago): Major Cybersecurity Breach at Johnson Controls Sparks National Security Concerns
CERT-EU (7 months ago): Lawmakers must build on Feds’ ransomware success in 2024 • The Register | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (7 months ago): BlackCat ransomware site down amidst rumours of law enforcement action | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (7 months ago): BlackCat ransomware gang taken down by law enforcement sting? | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): 2023 may have seen highest ransomware ‘body count’ yet | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Ransomware attacks up 81% year-on-year in October | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (9 months ago): Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack
CERT-EU (10 months ago): RagnarLocker Ransomware, LokiLocker Ransomware, and More: Hacker’s Playbook Threat Coverage Round-up: September 27th, 2023
CERT-EU (9 months ago): DC elections agency warns voting roll may have been stolen
Secureworks (a year ago): Ransomware Evolution
CERT-EU (9 months ago): E-Root marketplace credential-selling admin extradited to US
CERT-EU (9 months ago): Ragnar Locker ransomware’s dark web extortion sites seized by police
CERT-EU (9 months ago): Ragnar Locker ransomware developer arrested in France
CERT-EU (9 months ago): Police seize Ragnar Locker leak site
Securityaffairs (10 months ago): Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital
CERT-EU (9 months ago): The Week in Ransomware - October 20th 2023 - Fighting Back
CERT-EU (9 months ago): Spanish cops bust multi-million-euro phishing, ID theft ring
Securityaffairs (10 months ago): Dark Angels Team ransomware group hit Johnson Controls
Securityaffairs (9 months ago): Law enforcement operation seized Ragnar Locker group's infrastructure
CERT-EU (8 months ago): Ringleader of Ransomware Group in Ukraine Arrested: Europol