Saturday, June 29, 2024

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors - Security Affairs

The US FBI has warned that the Ragnar Locker ransomware gang has compromised the networks of at least 52 organizations in several US critical infrastructure sectors.

The FBI and CISA have issued a flash alert warning that the Ragnar Locker ransomware gang has compromised the networks of at least 52 organizations across 10 critical infrastructure sectors. The ransomware has been active since late December 2019. The FBI first became aware of the threat in April 2020, and this is the second time it has shared IoCs related to RagnarLocker activity.

“As of January 2022, the FBI has identified at least 52 entities in the 10 critical infrastructure sectors affected by the RagnarLocker ransomware, including entities in key manufacturing, energy, financial services, government and information technology sectors,” reads the FBI’s flash alert. “RagnarLocker ransomware attackers operate as part of the ransomware suite, frequently changing their obfuscation techniques to evade detection and prevention.”

The flash alert provides details about the attack infrastructure, the Bitcoin addresses the gang uses to receive ransom payments from its victims, and the email addresses the gang's operators use.

The flash alert also includes a set of mitigation measures to neutralize these attacks:

  • Back up your important data offline.
  • Make sure you have copies of your important data in the cloud or on an external hard drive or storage device. This information should not be accessible from the compromised network.
  • Protect your backups and make sure the data cannot be modified or deleted from the system where it resides.
  • Use multi-factor authentication with strong passwords, including for remote access services.
  • Patch and keep your computers, devices and applications up to date.
  • Monitor cyber threat reports about the publication of compromised VPN login credentials, and change passwords and settings.
  • Consider adding an email banner to emails you receive from outside your organization.
  • Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
  • Audit user accounts with administrative privileges and configure access control with least privilege in mind.
  • Implement network segmentation.

Users who identify suspicious activity within their enterprise, or who have related information, are advised to immediately contact their local FBI Cyber Investigation Unit, following the procedures outlined in the Reporting Notice section of the flash alert.


Pierluigi Paganini
