ragnarlocker - X-Industry - Red Sky Alliance
2024-03-29T08:30:05Z
https://redskyalliance.org/xindustry/feed/tag/ragnarlocker
The RagnarLocker Room is Closed
https://redskyalliance.org/xindustry/the-ragnarlocker-room-is-closed
2023-10-31T16:30:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}12271509879,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12271509879,RESIZE_400x{{/staticFileLink}}" width="230" alt="12271509879?profile=RESIZE_400x" /></a>The RagnarLocker ransomware’s infrastructure and the website the group used for shaming victims were taken down this week as part of a coordinated law enforcement effort. Active since 2020, RagnarLocker has been involved in numerous attacks, with at least 52 entities across 10 critical infrastructure sectors falling victim to this ransomware family, according to data from the Federal Bureau of Investigation (FBI).</p>
<p>See: <a href="https://redskyalliance.org/xindustry/ragnar-locker-ransomware">https://redskyalliance.org/xindustry/ragnar-locker-ransomware</a></p>
<p>Unlike other ransomware operations, RagnarLocker was not promoted as Ransomware-as-a-Service (RaaS) but was operated by a private group that cooperated with other cybercriminals only when needed. On the infected machines, RagnarLocker would gather and exfiltrate system information, iterate through all drives, terminate services that could interfere with the encryption process, and then encrypt all files of interest, avoiding folders and files that might impede the system's operation.<a href="#_ftn1">[1]</a></p>
<p>Like other ransomware groups, the RagnarLocker cybergang would exfiltrate victims’ data to use it for extortion. In some cases, the group would only steal data for extortion, without deploying file-encrypting ransomware.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/ragnar-locker-update">https://redskyalliance.org/xindustry/ragnar-locker-update</a></p>
<p>The cybergang then listed the alleged victims of its attacks on a Tor-hosted leak site, threatening to release their data publicly unless a ransom was paid.</p>
<p>As of 18 October 2023, a message displayed in English on the RagnarLocker ransomware operation’s Tor-based website informs visitors that “this service has been seized as part of a coordinated international law enforcement action against the RagnarLocker group.” On 19 October 2023, Europol announced that the site and the ransomware group’s infrastructure had been shut down in a coordinated effort involving law enforcement agencies in the Czech Republic, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, and the US.</p>
<p>On 16 October 2023, an individual suspected of being the developer for the Ragnar Locker group was arrested in Paris and searches were made at his home in the Czech Republic. Five other suspects were interviewed in Latvia and Spain. During 2023, law enforcement operations also led to the shutdown of other nefarious dark web sites, including the Hive ransomware portal in January 2023, the Genesis Market cybercrime marketplace in April 2023, and the drugs marketplace Piilopuoti in September 2023.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has reported extensively on AI technology. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></p>
<p>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securityweek.com/authorities-seize-control-of-ragnarlocker-ransomware-dark-web-site/">https://www.securityweek.com/authorities-seize-control-of-ragnarlocker-ransomware-dark-web-site/</a></p></div>
Ransomware Groups Target Critical Infrastructure
https://redskyalliance.org/xindustry/ransomware-groups-target-critical-infrastructure
2022-03-18T17:10:00.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div><p><a href="{{#staticFileLink}}10220071260,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10220071260,RESIZE_400x{{/staticFileLink}}" alt="10220071260?profile=RESIZE_400x" width="250" /></a>In the US, the FBI has issued an alert about the RagnarLocker ransomware group targeting at least 52 entities across 10 critical infrastructure sectors. The FBI recently released a flash alert, warning users and organizations in the US to remain vigilant about the RagnarLocker ransomware group's growing footprint. "As of January, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors," the alert says.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/don-t-friend-ragnar-locker-ransomware-gang-on-facebook">https://redskyalliance.org/xindustry/don-t-friend-ragnar-locker-ransomware-gang-on-facebook</a></p>
<p>The FBI, in its technical analysis, says that the ransomware group is known for frequently changing its obfuscation methods to avoid detection, and focuses on geo-targeting. To achieve this, the FBI says that operators of RagnarLocker use the Windows API function GetLocaleInfoW. The API helps them identify the location of the infected machine, and if the victim's location is identified as Azerbaijani, Armenian, Belarus, Kazakhstan, Kyrgyzstan, Moldavia, Tajikistan, Russia, Turkmenistan, Uzbekistan, Ukraine or Georgia, then the ransomware infection process is automatically terminated.</p>
<p>When it comes to deployment, "RagnarLocker uses VMProtect, UPX, and custom packing algorithms and deploys within an attacker's custom Windows XP virtual machine on a target's site," the alert says. According to the FBI, RagnarLocker also uses other Windows APIs, such as CreateFileW, DeviceIoControl, GetLogicalDrives and SetVolumeMountPointA, to identify all attached hard drives. It then assigns a drive letter to those that have not been assigned a logical drive letter and makes them accessible. "These newly attached volumes are later encrypted during the final stage of the binary," the alert says.</p>
<p>RagnarLocker ransomware operators have been sophisticated in choosing geo-targets and in analyzing the victim's system by using several Windows APIs. "Instead of choosing which files to encrypt, RagnarLocker chooses which folders it will not encrypt. Taking this approach allows the computer to continue to operate normally while the malware encrypts files with known and unknown extensions containing data of value to the victim," the FBI says.</p>
<p>The FBI also shared a list of folders that are not encrypted by the malware:</p>
<ul>
<li>Windows</li>
<li>old</li>
<li>Mozilla</li>
<li>Mozilla Firefox</li>
<li>Tor browser</li>
<li>Internet Explorer</li>
<li>$Recycle.Bin</li>
<li>Program Data</li>
<li>Google</li>
<li>Opera</li>
<li>Opera Software</li>
</ul>
<p>The RagnarLocker ransomware also does not encrypt files with certain extensions: .db, .sys, .dll, .lnk, .msi, .drv, and .exe, the FBI says in its alert.</p>
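<p>Added example (not from the FBI alert or from Red Sky Alliance): a Python check that uses the folder and extension lists above to confirm that canary (decoy) files monitored by file-integrity tooling sit in locations the ransomware would actually encrypt, rather than in paths it skips. The matching rules, function names and sample paths are assumptions; the alert as quoted here gives only the names.</p>

```python
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Names exactly as listed in the article (taken from the FBI alert).
FBI_SKIPPED_FOLDERS = (
    "Windows", "old", "Mozilla", "Mozilla Firefox", "Tor browser",
    "Internet Explorer", "$Recycle.Bin", "Program Data", "Google",
    "Opera", "Opera Software",
)
FBI_SKIPPED_EXTENSIONS = (".db", ".sys", ".dll", ".lnk", ".msi", ".drv", ".exe")


def _norm(name: str) -> str:
    # Assumption: compare case-insensitively and ignore spaces, so the listed
    # "Program Data" also covers the on-disk folder name "ProgramData".
    return name.replace(" ", "").lower()


_FOLDERS = {_norm(n) for n in FBI_SKIPPED_FOLDERS}
_EXTENSIONS = {e.lower() for e in FBI_SKIPPED_EXTENSIONS}


def skip_reason(path: str) -> Optional[str]:
    """Return why a file falls under the exclusion lists, or None if exposed.

    Assumption: a folder is excluded when a whole directory component equals
    a listed name; the alert does not state the exact matching rule.
    """
    p = PureWindowsPath(path)
    for part in p.parent.parts:
        if _norm(part) in _FOLDERS:
            return "folder:" + part
    if p.suffix.lower() in _EXTENSIONS:
        return "extension:" + p.suffix.lower()
    return None


def audit_canaries(paths: List[str]) -> Dict[str, object]:
    """Split planned canary locations into exposed and skipped ones."""
    report = {"exposed": [], "skipped": {}}
    for path in paths:
        reason = skip_reason(path)
        if reason is None:
            report["exposed"].append(path)
        else:
            report["skipped"][path] = reason
    return report


# Constructed sample: planned canary locations on a file server.
PLANNED_CANARIES = [
    r"D:\Finance\Q3\000_canary.xlsx",
    r"C:\ProgramData\Backups\000_canary.docx",
    r"D:\Shares\HR\000_canary.db",
    r"C:\Users\svc_backup\Documents\000_canary.pdf",
]

if __name__ == "__main__":
    result = audit_canaries(PLANNED_CANARIES)
    for path in result["exposed"]:
        print("OK      ", path)
    for path, reason in result["skipped"].items():
        print("RELOCATE", path, "(" + reason + ")")
```

<p>A canary reported as skipped would never be touched by this family, so an alert tied to it would stay silent during an attack.</p>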
<p>Apart from the modus operandi and the technical analysis of the RagnarLocker ransomware family, the FBI, in its alert, also described other indicators of compromise for the group, such as IP addresses, Bitcoin addresses, and email addresses used by the group's operators.</p>
<p>Watch: <a href="https://redskyalliance.org/redshorts/encore-ragnar-locker-100720">https://redskyalliance.org/redshorts/encore-ragnar-locker-100720</a></p>
<p>In February 2022, security researchers from South Korea’s Kookmin University found a way to decipher Hive's encryption algorithm without using the master key. "To the best of our knowledge, this is the first successful attempt at decrypting the Hive ransomware," the researchers say in the report.<a href="#_ftn1">[1]</a></p>
<p>Their experiment showed that more than 95% of the keys used in encryption could be recovered due to a cryptographic flaw they discovered during analysis. This led to the researchers finding a method for decrypting encrypted files without using the attacker's private key. This, the researchers say, was possible because they found that the Hive ransomware does not use all bytes of the master key encrypted with the public key. "Using our proposed method, more than 95% of the master key used for generating the encryption keystream was recovered. Most of the infected files could be recovered by using the recovered master key. We expect that our method will be helpful for individuals and enterprises damaged by the Hive ransomware," the researchers say.</p>
<p>"While it may seem like ransomware is unavoidable and being prepared to respond to an infection is important, there are preventive measures that organizations can take to reduce the risk of becoming a victim," says Tim Erlin, vice president of strategy at software company Tripwire. "Attackers have to find a way to install their preferred flavor of ransomware on your systems and shutting down common attack vectors will reduce the risk," he says.</p>
<p>Erlin says that attackers will take advantage of insecurely configured and vulnerable systems: "A noncritical system may provide the attacker with an initial foothold from which they can expand and move laterally."</p>
<p>See: <a href="https://redskyalliance.org/xindustry/emerging-ransomware-groups-replace-old-favorites">https://redskyalliance.org/xindustry/emerging-ransomware-groups-replace-old-favorites</a></p>
<p>It is up to all organizations to take steps and adopt procedures to protect themselves from ransomware attacks. No government can stop these attacks except for the countries that are sponsoring or benefitting from the ransom payments.</p>
<p>The following is what Red Sky Alliance recommends:</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data backup and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company-wide.</li>
<li>For USA readers, join and become active in your local Infragard chapter; there is no charge for membership. infragard.org</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services, and devices to be used by all at-home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on ten (10) cyber threat categories including Keyloggers, without having to connect to your network.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
<li>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.bankinfosecurity.com/ransomware-groups-target-global-critical-infrastructure-a-18678">https://www.bankinfosecurity.com/ransomware-groups-target-global-critical-infrastructure-a-18678</a></p></div>
Don’t “Friend” Ragnar Locker Ransomware Gang on Facebook
https://redskyalliance.org/xindustry/don-t-friend-ragnar-locker-ransomware-gang-on-facebook
2020-11-12T22:14:40.000Z
Mac McKee
https://redskyalliance.org/members/MacMcKee
<div><p><a href="{{#staticFileLink}}8155549678,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8155549678,RESIZE_400x{{/staticFileLink}}" width="250" alt="8155549678?profile=RESIZE_400x" /></a>The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it downloaded in a November 3, 2020 attack unless a US$15 million ransom is paid in Bitcoin. The attackers behind Ragnar Locker break into company networks, make themselves admins, conduct reconnaissance, delete backups and deploy ransomware manually, before demanding multi-million dollar ransoms.</p>
<p>Like other cyber threat actors who conduct “targeted” or “big game” ransomware attacks, the Ragnar Locker gang tries to avoid detection as it operates inside a victim’s network with a tactic dubbed “living off the land”. Living off the land entails using legitimate software administration tools that either already exist on the network the crooks have broken into, or that don’t look suspicious or out of place. The <a href="https://nakedsecurity.sophos.com/2019/02/14/inside-a-gandcrab-targeted-ransomware-attack-on-a-hospital/">PowerShell</a> framework has been used in this manner for attacks.</p>
<p>PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and the associated scripting language. Initially a Windows component only, known as Windows PowerShell, it was made open-source and cross-platform on 18 August 2016 with the introduction of PowerShell Core. The former is built on the .NET Framework, the latter on .NET Core.</p>
<p><a href="https://threatpost.com/campari-site-ransomware-hangover/161029/">Campari Group</a>, which owns a number of popular global brands including SKYY, Grand Marnier and Wild Turkey, has acknowledged the ransomware attack. This is a new spin on the <a href="https://threatpost.com/double-extortion-ransomware-attacks-spike/154818/">double-extortion ransomware tactic</a>, where criminals not only lock organizations out of their systems, but also threaten to release sensitive stolen data to the public if their demands are not met. The Facebook ads add an entirely new layer of extortion pressure, letting the public know that Campari data is compromised and that the liquor giant is refusing to pay to keep it secure.</p>
<p>The ads, first spotted by researcher Brian Krebs on Nov. 9, 2020, were to-the-point and entitled, “Security Breach of Campari Group Network.” <a href="https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/">Ragnar Locker bought the ads</a> using a hacked Facebook account, and Krebs said the ads were subsequently shown to more than 7,000 users before Facebook caught on and pulled them down.</p>
<p>“Cybercrime groups have no shame in their extortion attempts,” Chris Clements, vice president of solutions architecture with Cerberus Sentinel said. “They will use any and all options available to them to extract whatever money they can from their victims. The use of compromised Facebook user accounts to buy ad campaigns to further harass their victims is novel, but not at all out-of-character.”</p>
<p>First observed in 2019, the Ragnar Locker group started using the threat of making stolen data public in April 2020, when it launched a Wall of Shame site, according to a security researcher who uses the handle Pancak3.</p>
<p>He added that the executables for both the <a href="https://threatpost.com/campari-site-ransomware-hangover/161029/">Campari ransomware attack</a> and a recent high-profile breach of <a href="https://threatpost.com/gaming-giant-capcom-ragnar-locker-ransomware/160996/">gaming giant Capcom</a> were signed by the same cert, linking both to the Ragnar Locker group. Pancak3 added that he thinks it shows that the Ragnar Locker ransomware operators are getting “more confident in their intrusion methods.” With the development of public advertising to increase pressure for victims to pay, it would appear the group is not even trying to hide their malicious activities any longer. In fact, they are publicizing them. An added concern is that everyday Facebook advertisers are now vulnerable to Ragnar Locker attacks.</p>
<p>“What this does show is that every online user is vulnerable to compromise and false financial charges should their social-media accounts be compromised and used to purchase ad campaigns on the corresponding platforms,” Clements said. “Users should ensure that two-factor authentication is enabled on all of their online accounts and that they do not reuse the same password across different websites or mobile applications.”</p>
<p>Backing up bad actions with public advertising is likely to be copied by other hacker gangs. Ragnar Locker appears to be somewhat of an influential group within the ransomware community. In September 2020, researchers observed the Maze group picking up the <a href="https://threatpost.com/maze-ransomware-ragnar-locker-virtual-machine/159350/">Ragnar Locker trick</a> of distributing ransomware with virtual machines, an approach experts at Sophos Managed Threat Response called “radical.”</p>
<p>The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to success. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. There are extensive reports on many of the threats mentioned in this article that can be found at <a href="https://redskyalliance.org/">https://redskyalliance.org</a>. There is no charge for these reports and articles posted.</p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company-wide.</li>
<li>Join and become active in your local Infragard chapter; there is no charge for membership. <a href="http://www.infragard.org/">infragard.org</a></li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all at-home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network. Ransomware protection is included at no charge for RedXray customers.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a>.</p>
<p><strong>Reporting: </strong><a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p><strong>Website: </strong><a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></p>
<p><strong>LinkedIn: </strong><a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a></p>
<p><strong>Twitter: </strong><a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></p>
<p><strong>Weekly Cyber Intelligence Briefings: </strong></p>
<p><a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a></p>
<p><a href="{{#staticFileLink}}8155550695,original{{/staticFileLink}}">TR-20-317-001.pdf</a></p>
<p><a href="https://threatpost.com/ragnar-locker-ransomware-facebook-ads/161133/">https://threatpost.com/ragnar-locker-ransomware-facebook-ads/161133/</a></p>
</div>
Ragnar Locker Ransomware
https://redskyalliance.org/xindustry/ragnar-locker-ransomware
2020-10-05T18:23:14.000Z
Mac McKee
https://redskyalliance.org/members/MacMcKee
<div><p><a href="{{#staticFileLink}}8008662288,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8008662288,RESIZE_400x{{/staticFileLink}}" width="250" alt="8008662288?profile=RESIZE_400x" /></a>The popularity of ransomware threats does not seem to be decreasing. Instead, more, and more sophisticated, ransomware threats are being deployed. Ragnar Locker is a new data encryption malware in this style.</p>
<p>The actors behind Ragnar Locker partnered with the Maze ransomware gang as a means of extorting victims whose unencrypted data they had stolen. This continued cooperation between ransomware gangs is a dangerous development. The sharing of advice, tactics and a centralized data leak platform between different ransomware operations will only enable these actors to perform more advanced attacks and demand higher ransom payments.</p>
<p>Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. It was initially observed towards the end of December 2019 as part of a series of attacks against compromised networks.</p>
<p>In general, this malware is deployed manually after an initial compromise, network reconnaissance and pre-deployed tasks on the network. This shows that this is a more complex operation than most ransomware propagation campaigns.</p>
<p>Before starting the Ragnar Locker ransomware, attackers inject a module capable of collecting sensitive data from infected machines and uploading it to their servers. Next, the threat actors behind the malware notify the victim that the files will be released to the public if the ransom is not paid.</p>
<p>There is a group of steps executed by Ragnar Locker operators every time an organization or infrastructure is impacted. Digging into the details, attackers first compromise networks, infrastructures, and organizations using found vulnerabilities or through social engineering such as phishing attacks, spearphishing and Business Email Compromise attacks.</p>
<p>During the compromise process, reconnaissance, pre-deployment tasks, and data exfiltration are performed before executing the piece of ransomware. Each malware sample is unique, with the specific ransom note hardcoded inside the malware. The affected group name, the links to the bitcoin wallet, and the links to a dark web blog are embedded inside the binary.</p>
<p>When the ransomware starts, it enumerates running processes and services and stops those whose names contain specific strings, such as:</p>
<p>Vss, sql, memtas, mepocs, Sophos, veeam, backup, pulseway, logme, logmein, connectwise, splashtop, Kaseya</p>
<p>Ransomware in this line often disables some services as a way to bypass security protections, and also stops database and backup systems to increase the impact of the attack. Database and mail services are stopped so that their data can be encrypted during the infection process. One particularity of Ragnar Locker is that it specifically targets remote management software often used by managed service providers (MSPs), such as the popular ConnectWise and Kaseya software.</p>
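<p>Added example (not part of the original report): detection logic for the behaviour described above, flagging a host when several services whose names contain the listed strings stop within a short window. The pipe-delimited export of Service Control Manager event 7036, the five-minute window, the threshold of three, the function names and the sample events are assumptions constructed for illustration.</p>

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Substrings from the article's list, lower-cased for matching.
TARGET_STRINGS = (
    "vss", "sql", "memtas", "mepocs", "sophos", "veeam", "backup", "pulseway",
    "logme", "logmein", "connectwise", "splashtop", "kaseya",
)

# Event 7036 reports the service display name; a service whose display name
# lacks the substring (VSS shows as "Volume Shadow Copy") needs a name mapping.
STOPPED = re.compile(r"^The (?P<svc>.+) service entered the stopped state\.$")

# Constructed sample events: time|host|event id|message
SAMPLE_EVENTS = """\
2020-10-01T02:14:03|FS01|7036|The Veeam Backup Service service entered the stopped state.
2020-10-01T02:14:05|FS01|7036|The SQL Server (MSSQLSERVER) service entered the stopped state.
2020-10-01T02:14:06|FS01|7036|The Print Spooler service entered the stopped state.
2020-10-01T02:14:09|FS01|7036|The Sophos Anti-Virus service entered the stopped state.
2020-10-01T02:14:12|FS01|7036|The Kaseya Agent service entered the stopped state.
2020-10-01T03:00:00|WS07|7036|The SQL Server (SQLEXPRESS) service entered the stopped state.
2020-10-01T03:00:40|WS07|7036|The SQL Server (SQLEXPRESS) service entered the running state.
"""


def parse_events(text):
    """Yield (time, host, service) for every service-stopped record."""
    for line in text.splitlines():
        fields = line.split("|", 3)
        if len(fields) != 4 or fields[2] != "7036":
            continue
        match = STOPPED.match(fields[3])
        if match:
            yield datetime.fromisoformat(fields[0]), fields[1], match.group("svc")


def matched_string(service):
    """Return the first listed substring found in the service name, or None."""
    name = service.lower()
    return next((s for s in TARGET_STRINGS if s in name), None)


def find_stop_bursts(text, window=timedelta(minutes=5), threshold=3):
    """Alert once per host when `threshold` distinct matching services stop
    within `window`; a single stop (routine maintenance) stays quiet."""
    per_host = defaultdict(list)
    for when, host, svc in parse_events(text):
        if matched_string(svc):
            per_host[host].append((when, svc))
    alerts = []
    for host, stops in sorted(per_host.items()):
        stops.sort()
        start = 0
        for end in range(len(stops)):
            # Slide the window start forward until it spans at most `window`.
            while stops[end][0] - stops[start][0] > window:
                start += 1
            services = sorted({svc for _, svc in stops[start:end + 1]})
            if len(services) >= threshold:
                alerts.append({"host": host, "first": stops[start][0],
                               "last": stops[end][0], "services": services})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_stop_bursts(SAMPLE_EVENTS):
        print(alert["host"], alert["first"].isoformat(), alert["services"])
```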
<p>Ragnar Locker appends the hardcoded extension “<strong>.ragnar_*</strong>” to the end of the file name, where “<strong>*</strong>” is replaced by a generated and unique ID. All the available files on physical drives are encrypted and, at the end, the notepad.exe process is opened to show the ransom note file created in the victim’s system directory.</p>
<p>Prevention measures:</p>
<p>We are living in an era where ransomware continues to grow, and the number of attacks has increased, especially during the COVID-19 pandemic. There is no magic solution to prevent attacks of this nature; however, there is a set of good practices that can be applied in order to minimize the impact of a data encryption attack.</p>
<ul>
<li>The use of an antivirus is mandatory. This software should be regularly updated</li>
<li>Patch updates regularly and update all the software including operating systems, network devices, applications, mobile phones and other software if applicable</li>
<li>Maintain a proper backup and restore mechanism and make it mandatory</li>
<li>Regularly test the recovery function of backup and restore procedures and also test the data integrity of backups</li>
<li>Conduct simulated ransomware preparedness tests. This is a rule of thumb to check the response of your ecosystem against these kinds of attacks</li>
<li>If you use Microsoft Office, install Microsoft Office viewers and always keep macros disabled by default</li>
<li>Limit access to mapped drives whenever possible and keep file sharing disabled by default. In general, ransomware looks into shared drives and encrypts files available on the network</li>
<li>Don’t enable remote services. Organizations that use RDP, VPNs, proxies and servers should be held to better IT security standards</li>
</ul>
<p>Security awareness training should be introduced in order to improve cyber education. The download of anything from untrusted sources should be flagged in our mind as a dangerous task.</p>
<p><strong>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></strong></p>
<ul>
<li><strong>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a> </strong></li>
<li><strong>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></strong></li>
<li><strong>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </strong></li>
</ul>
<p><strong> <a href="{{#staticFileLink}}8004233301,original{{/staticFileLink}}">TR-20-280-001_RagnarLockerRedShort Ragnar.pdf</a></strong></p></div>