Gee how convenient just as the shooting part of the war kicks into high gear over in Europe, it appears that a ransomware gang has gained access to 52 different critical US Infrastructure organizations! Here is more from Bleepingcomputer.com.
The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors.
This was revealed in a joint TLP:WHITE flash alert published on Monday in coordination with the Cybersecurity and Infrastructure Security Agency.
“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” the federal law enforcement agency said [PDF].
“RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.”
The flash alert focuses on providing indicators of compromise (IOCs) organizations can use to detect and block Ragnar Locker ransomware attacks.
IOCs associated with Ragnar Locker activity include info on attack infrastructure, Bitcoin addresses used to collect ransom demands, and email addresses used by the gang’s operators.
Although the FBI first became aware of Ragnar Locker in April 2020, Ragnar Locker ransomware payloads were first observed in attacks months before, during late December 2019.
Ragnar Locker operators terminate remote management software (e.g., ConnectWise, Kaseya) used by managed service providers (MSPs) to manage clients’ systems remotely on compromised enterprise endpoints.
This allows the threat actors to evade detection and make sure remotely logged-in admins do not interfere with or block the ransomware deployment process. Source link CLICK HERE.
To see the actual FBI Document/Warning CLICK HERE!
You can support this ministry and keep us on the internet using the links below. Patreon is gone so we have PayPal and Cash App left to us below. We have also added a new monthly support option through the website. That link is below as well. Thank you again and God bless!
Monthly Support Option: https://dontspeaknews.com/donations/
PayPal Link: https://paypal.me/johnnystorm
Cash App ID: $jstorm212