RagnarLocker ransomware struck 52 critical infrastructure entities within two years – FBI

The FBI says it has identified at least 52 critical infrastructure entities infected by RagnarLocker ransomware since it arrived on the cybercrime scene nearly two years ago.

RagnarLocker threat actors and variants have impacted organizations operating in 10 sectors classified as critical infrastructure, including energy, financial services, government, information technology, and vital manufacturing operations, said the US law enforcement agency.

Via a flash alert (PDF) issued on March 7, the FBI has also shared indicators of compromise (IoCs) to supplement the guidance it previously disseminated after RagnarLocker emerged in April 2020.

GetLocale

The law enforcement agency noted that RagnarLocker calls the Windows API GetLocaleInfoW to determine the locale of an infected machine, and halts the attack if the machine appears to be in Russia, Ukraine, Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Turkmenistan, Uzbekistan, or Georgia.
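The following is an added illustration of the locale kill-switch pattern the FBI describes; it is not RagnarLocker's code and was written for this page. The country list is the one named in the alert. The alert does not say which locale attribute the malware queries, so the use of LOCALE_SISO3166CTRYNAME (the two-letter ISO 3166 country code) and the code-to-country mapping are assumptions made here. The Windows-specific part is compiled only under _WIN32, so the list check itself can be built and tested anywhere.

```c
/*
 * Added example (not the malware's code): a locale-based kill switch of the
 * kind described in the FBI alert, built on GetLocaleInfoW. Querying
 * LOCALE_SISO3166CTRYNAME is an assumption; the alert names only the API.
 */
#include <stddef.h>
#include <wchar.h>

/* ISO 3166-1 alpha-2 codes for the countries named in the FBI alert. */
static const wchar_t *const kExcludedCountries[] = {
    L"RU", /* Russia       */ L"UA", /* Ukraine      */ L"AZ", /* Azerbaijan   */
    L"AM", /* Armenia      */ L"BY", /* Belarus      */ L"KZ", /* Kazakhstan   */
    L"KG", /* Kyrgyzstan   */ L"MD", /* Moldova      */ L"TJ", /* Tajikistan   */
    L"TM", /* Turkmenistan */ L"UZ", /* Uzbekistan   */ L"GE", /* Georgia      */
};

/* Returns 1 if the two-letter country code is on the exclusion list, else 0.
 * GetLocaleInfoW returns upper-case codes, so the comparison is exact and a
 * NULL or lower-case input is treated as "not excluded". */
int is_excluded_country(const wchar_t *iso3166)
{
    size_t i;
    if (iso3166 == NULL)
        return 0;
    for (i = 0; i < sizeof kExcludedCountries / sizeof kExcludedCountries[0]; i++)
        if (wcscmp(iso3166, kExcludedCountries[i]) == 0)
            return 1;
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <stdio.h>

/* Query the current user's country code through the API named in the alert.
 * Returns 1 on success, 0 if the call failed; a failed lookup leaves the
 * buffer unset, so the caller must not treat it as a valid code. */
int read_user_country(wchar_t *buf, int cch)
{
    return GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SISO3166CTRYNAME, buf, cch) > 0;
}

int main(void)
{
    wchar_t country[16];
    if (!read_user_country(country, 16)) {
        wprintf(L"GetLocaleInfoW failed (%lu)\n", (unsigned long)GetLastError());
        return 1;
    }
    wprintf(L"user country: %ls -> %ls\n", country,
            is_excluded_country(country) ? L"excluded (would halt)" : L"not excluded");
    return 0;
}
#endif
```

For an analyst, the pattern to recognise in a sample is exactly this shape: an import of GetLocaleInfoW followed by a series of string comparisons against a short, fixed list of country or language identifiers, with the process exiting on a match before any file is touched.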

While the malware itself curtails attacks in countries within Russia’s sphere of influence, Tim Erlin, vice president of strategy at cybersecurity software company Tripwire, said “it’s a mistake to conflate the tool used with the actor executing that tool.

“There are certainly cases where the threat actor and the tool are closely associated, but without clear evidence, it’s an assumption.”

RagnarLocker favors the in-vogue ‘double extortion’ tactic: in addition to withholding the decryption key until payment, attackers threaten to leak sensitive data stolen from the victim if ransom demands are not met.

The FBI noted that “instead of choosing which files to encrypt, RagnarLocker chooses which folders it will not encrypt. Taking this approach allows the computer to continue to operate ‘normally’ while the malware encrypts files with known and unknown extensions containing data of value to the victim”.

The FBI issued its usual advice that victim organizations should not pay ransoms to cybercriminals, as payment funds and incentivizes further attacks and does not guarantee data recovery.

The agency also urged organizations to report ransomware incidents to their local FBI field office, and bolster their defenses with the help of the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Stop Ransomware resource, MS-ISAC Joint Ransomware Guide (PDF), and Ransomware Readiness Assessment (RRA), a module within its Cyber Security Evaluation Tool (CSET).

Source: https://portswigger.net/daily-swig/ragnarlocker-ransomware-struck-52-critical-infrastructure-entities-within-two-years-fbi
