Cybersecurity Firm Sophos Reveals New Details Of Ragnar Locker Ransomware Attack
Cybersecurity Firm Sophos Reveals New Details Of Ragnar Locker Ransomware Attack
May 23, 2020
Cybersecurity Firm Sophos Reveals New Details Of Ragnar Locker Ransomware Attack
Cybersecurity Firm Sophos Reveals New Details Of Ragnar Locker Ransomware Attack
May 23, 2020

Sophos, the UK-based cybersecurity firm, has revealed that new details of Ragnar Locker ransomware attack, which runs a virtual machine on target computers in order to infect them with the ransomware, as this may play the attack beyond the reach of the computer’s local antivirus software.

It has been reported that the Ragnar Locker attack is quite selective when choosing its victims, as it’s targets tend to be companies rather than individual users.

However, Ragnar Locker asks victims for large amounts of money to decrypt their files. It also threatens to release sensitive data if users do not pay the ransom.

As per the report, Sophos gave the example of the network of Energias de Portugal, who stole ten terabytes of sensitive data, demanding payment of 1,850 Bitcoin (BTC) in order not to filter the data. 1,850 BTC is worth around $11 million as of press time.

The modus operandi of ransomware is to take advantage of vulnerabilities in the Windows remote desktop app, where they obtain administrator-level access to the computer.

ALSO READ :  Brazil May Open The Doors For Bitcoin

With the necessary permissions granted, attackers configure the virtual machine to interact with the files, as they proceed to boot up the virtual machine by running a stripped-down version of Windows XP called “Micro XP v0.82.”

Brett Callow, the threat analyst at malware lab Emsisoft, said:

“The operators have recently been observed to launch the ransomware from within a virtual machine to avoid detection by security products. Like other ransomware groups, Ragnar Locker steals data and uses the threat of its release as additional leverage to extort payment. Should the company not pay, the stolen data is published on the group’s Tor site.” 

Also, Callow states that the tactics deployed by ransomware groups are becoming ever more “insidious and extreme” by considering that the ransomware gangs behind Ragnar Locker now threaten to sell the data to the victim’s competitors or use it to attack their customers and business partners.

Thus, Callow added:

“Companies in this situation have no good options available to them. Even if the ransom is paid, they simply have a pinky-promise made by a bad faith actor that the stolen data will be deleted and not misused.”

Source: Cointelegraph | Image: Analytics India Magazine


Crypto News Point a news platform of Digital Notice Media Labs is primarily a regular publication of information, commentary and articles focused extensively on fintech, blockchain technology, cryptocurrency, blockchain-based tokens, cryptocurrency market trends, and trading strategies. We do not provide individually tailored investment advice and does not take a subscriber’s or anyone’s circumstances into consideration when discussing investments, nor is Crypto News Point registered as an investment adviser or broker-dealer in any jurisdiction. Information contained herein is not an offer or solicitation to buy, hold, or sell any digital assets.

Affiliate Disclosure: To help support the work we do here at CNP, we often link to products and deals from around the web. Should you buy some of these, we may get a portion of the sale.

We in generally gather content from the major websites. In every article there is always a clear link and attribution to the source publication. If you have any issue with any of our published content taken from your site, kindly let us know so that we can take appropriate action. In any case, the content of the pages of this website is for your general information and use only. It is subject to change without notice.

You May Also like

Ishita Bora

Ishita Bora is a content creator at Digital Notice Media Labs. She has completed her Master's Degree in Language and Linguistics in 2019 from Gauhati University, India. She is an archetypal writer, who loves to create her own little world with words and locutions. Apart from this, her interest lies in blockchain technology and cryptocurrency space, as she loves writing about blockchain and other blockchain-related articles. Currently, she is working on blockchain-based news, reviews, featured articles, and guides.
Share This

Share This

Share this post with your friends!