According to the US Federal Bureau of Investigation (FBI), the RagnarLocker threat group has breached 52 entities across 10 critical infrastructure sectors, including financial services, manufacturing, energy, government, and IT. To avoid suspicion and ensure administrators do not intervene in the deployment process, the ransomware operators breached and disabled remote management software such as ConnectWise and Kaseya.
“RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention. As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” the federal law enforcement agency said.
The FBI has asked security experts to share any relevant information with the regional FBI team, such as copies of ransom notes, timelines of malicious activity, ransom demands, payload samples, and other IOCs. This could aid in identifying the perpetrators behind this ransomware group.