RagnarLoocker - FBI Flash Report

Industry: Energy, Financial Services, Government, Information Technology and Manufacturing | Level: Tactical | Source: DocumentCloud

The United States Federal Bureau of Investigation provides an update of RagnarLocker ransomware, which the bureau has been tracking since April 2020. The ransomware family has made significant impacts, "As of January 2022, the FBI has identified at least 52 entities across 10 critical manufacturing, energy, financial services, government and information technology sectors." The ransomware does a system check on the victim host and terminates if the following locations are identified; Azerbaijani, Armenian, Belorussian, Kazakh, Kyrgyz, Moldavian, Tajik, Russian, Turkmen, Uzbek, Ukrainian, or Georgian. Prior to encryption the ransomware will delete shadow copies. Not all files are encrypted on the victim host as only "all available files of interest" are encrypted.

• Anvilogic Use Case: AVL_UC1115 - Inhibit System Recovery Commands