US federal authorities first became aware of RagnarLocker in April 2020 and subsequently produced a cyber report to disseminate known indicators of compromise (IOCs) at that time. The linked report provides updated and additional IOCs to supplement that report. As of January 2022, analysts have identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors. RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.
Thanks to the US Federal Bureau of Investigation for providing this valuable information. Link to full TLP WHITE report (with indicators): flash_ragnarlocker_ransomware.pdf
Comments