Pierluigi Paganini September 07, 2021

The Ragnar Locker ransomware operators threaten to leak stolen data if the victims attempt to contact law enforcement agencies.

The Ragnar Locker ransomware gang is adopting a new technique to force victims to pay the ransom, the operators threaten to leak stolen data if the victims contact law enforcement agencies.

The group announced its new strategy with a message on its darknet leak site, the gang also extend the threat to victims that will request the help of data recovery experts and professional negotiators.

“In our practice, we has facing with the professional negotiators much more often in last days. Unfortunately it’s not making the process easier or safer, on the contrary it’s actually makes all even worse. Such negotiator are usually working in recovery-companies affiliated or even working directly in Police/FBI/investigation agency and etc. They are totally not interested in commercial success of their clients or in safety of theirs private data.” reads the announcement.

“So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the Police/FBI/Investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately. Don’t think please that any negotiators will be able to deceive us, we have enough experience and many ways to recognize such a lie. Dear clients if you want to resolve all issues smoothly, don’t ask the Police to do this for you. We will find out and punish with all our efforts.”

The ransomware operator states professional negotiators hired by the victims are not interested in the commercial success of their clients.

In the past, the Ragnar Locker gang hit high-profile organizations such as Japanese gaming firm Capcom, aviation giant Dassault Falcon, and chipmaker ADATA.

In November, the U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

The report contains other technical details about the ransomware and provides the following recommendations to mitigate the threat:

• Recommended Mitigations
• Back-up critical data offline.
• Ensure copies of critical data are in the cloud or on an external hard drive or storage device. This information should not be accessible from the compromised network.
• Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.
• Install and regularly update anti-virus or anti-malware software on all hosts.
• Only use secure networks and avoid using public Wi-Fi networks.
• Consider installing and using a VPN.
• Use multi-factor authentication with strong passwords.
• Keep computers, devices, and applications patched and up-to-date.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]