A ransomware gang has breached the networks of at least 52 organisations from multiple US critical infrastructure sectors, according to the Federal Bureau of Investigation (FBI).
In an alert published in coordination with the Cybersecurity and Infrastructure Security Agency, the FBI said that, as of January 2022, it has identified “at least 52 entities across 10 critical infrastructure sectors affected by Ragnar Locker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors”.
It added: “Ragnar Locker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.”
The Ragnar Locker gang targets machines running Windows. Operators use remote management software to manage systems.
The FBI asked administrators and security professionals who detect Ragnar Locker activity to share any related information with their local FBI Cyber Squad.
Useful information that would help identify the threat actors behind this ransomware gang includes copies of the ransom notes, ransom demands, malicious activity timelines, payload samples, and more.
The FBI added that it doesn’t encourage paying Ragnar Locker ransoms since victims have no guarantee that paying will prevent leaks of stolen data or future attacks.
Instead, it suggested, ransom payments will further motivate the ransomware gang to target even more victims and incentivise other cybercrime operations to join in and launch their own ransomware attacks.
However, the federal agency did recognise the damage inflicted on businesses by ransomware attacks, which may force executives to pay ransoms and protect shareholders, customers, or employees.