Ragnar Locker Ransomware Attacks

A ransomware gang by the name of Ragnar Locker has threatened its victims, saying that they will leak their private and personal data if they attempt to contact law enforcement agencies such as the FBI. It is worth noting that Ragnar Locker has been on the watch list of many security agencies in the United States for some time. Both the FBI and Cyber Security Infrastructure Agency (CISA) have kept close tabs on the group. This is due to the increasing number of victims, who are primarily cloud service providers of numerous firms. Ragnar Locker has also carried out cyber attacks against companies belonging to various industries including travel, communication and construction.  

Threat to Victims 

Ragnar Locker has stated that they will leak the data of victims who contact the authorities regarding a ransomware attack. This threat was made public on their website and warned that the entirety of the stolen information will be made public for those who alert law enforcement. The threat also applies to victims contacting data recovery experts to try decryption and conduct the negotiation process. In any such case the gang will publish the victim’s data on their site. The ransomware operator stated that professional negotiators only make the recovery process worse because such negotiators are often working with data recovery companies affiliated with law enforcement agencies like the FBI. 

Threat actors from this group are known to manually deploy ransomware payloads that encrypt victims' systems. They then spend time conducting reconnaissance to discover network resources, company backups, and other sensitive files they can steal before the encryption stage. Some of Ragnar Locker's latest victims have included Japanese game developer Capcom, and the aviation giant Dassault Falcon. In the case of Capcom, the group  encrypted 2,000 devices and demanded an $11,000,000 ransom in exchange for a decryptor. 

Should you Pay the Ransom? 

Many believe that paying ransom motivates cyber criminals to target more victims and gives others incentive to follow suit and conduct illegal activities. When targeted with ransomware, paying the ransom does not always guarantee success in data recovery, in fact in 42% of ransomware cases, no decryption key is provided upon the payment of ransom. The FBI doesn’t support paying ransom to hackers as it won’t stop the possibility of future attacks; instead they encourage victims to contact their local FBI field office if they have been targeted. However in many ransomware cases, law enforcement agencies are of little to no help for the victims due to being overloaded with complex cases and pending investigations. 

While it is a serious threat that shouldn’t be taken lightly, it is definitely worth considering how Ragnar Locker will know when a victim has contacted the authorities. This would appear to be more of a scare tactic than anything, a technique used to cause panic and inevitably gain their desired outcome, the demanded ransom.  

It is important, even when threatened, to make sure you contact law enforcement promptly if you have suffered any form of cyber attack and to make sure you take the necessary steps to recover data and ensure your systems are restored. Authorities will handle the situation to the best of their ability and you will be informed of the correct procedure to take if you’ve fallen victim to an attack.