Ragnarlocker

View crypto

External Analysis49

External Analysis
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security
https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police
https://twitter.com/malwrhunterteam/status/1475568201673105409
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/analysis-and-protections-for-ragnarlocker-ransomware.html
http://reversing.fun/posts/2021/04/15/unpacking_ragnarlocker_via_emulation.html
http://reversing.fun/reversing/2021/04/15/unpacking_ragnarlocker_via_emulation.html
https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel
https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf
https://blog.blazeinfosec.com/dissecting-ragnar-locker-the-case-of-edp/
https://blog.bushidotoken.net/2022/05/gamer-cheater-hacker-spy.html
https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/
https://blog.reversing.xyz/docs/posts/unpacking_ragnarlocker_via_emulation/
https://blog.reversing.xyz/reversing/2021/04/15/unpacking_ragnarlocker_via_emulation.html
https://cyware.com/news/ragnar-locker-breached-52-organizations-and-counting-fbi-warns-0588d220/
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://ics-cert.kaspersky.com/media/KASPERSKY_H1_2020_ICS_REPORT_EN.pdf
https://id-ransomware.blogspot.com/2020/02/ragnarlocker-ransomware.html
https://intel471.com/blog/conti-ransomware-cooperation-maze-lockbit-ragnar-locker
https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/
https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
https://news.sophos.com/en-us/2021/02/03/mtr-casebook-uncovering-a-backdoor-implant-in-a-solarwinds-orion-server/
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
https://securelist.com/modern-ransomware-groups-ttps/106824/
https://securelist.com/targeted-ransomware-encrypting-data/99255/
https://seguranca-informatica.pt/ragnar-locker-malware-analysis/
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://twitter.com/AltShiftPrtScn/status/1403707430765273095
https://www.accenture.com/us-en/blogs/cyber-defense/evolving-danger-ransomware-extortion
https://www.accenture.com/us-en/blogs/cyber-defense/moving-left-ransomware-boom
https://www.acronis.com/en-sg/articles/ragnar-locker/
https://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/
https://www.bleepingcomputer.com/news/security/fbi-ransomware-gang-breached-52-us-critical-infrastructure-orgs/
https://www.bleepingcomputer.com/news/security/japanese-game-dev-capcom-hit-by-cyberattack-business-impacted/
https://www.bleepingcomputer.com/news/security/ragnarlocker-ransomware-hits-edp-energy-giant-asks-for-10m/
https://www.capcom.co.jp/ir/english/news/pdf/e210413.pdf
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/
https://www.ic3.gov/Media/News/2022/220307.pdf
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ragnarlocker-ransomware-threatens-to-release-confidential-information
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
https://www.theregister.com/2022/03/09/fbi_says_ragnar_locker_ransomware/
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/analysis-and-protections-for-ragnarlocker-ransomware.html
https://www.waterisac.org/system/files/articles/FLASH-MU-000140-MW.pdf
https://www.zdnet.com/article/capcom-quietly-discloses-cyberattack-impacting-email-file-servers/

Ransom notes2

• !_^_README_NOTES_RAGNAR_^_!.txt (Format: txt)
• ragnarlocker1.txt (Format: txt)

View all notes

Urls2

Url	Status	Screen	Uptime 30d	Health
http://rgleak7op734elep.onion	Down		—
http://rgleaktxuey67yrgspmhvtnrqtgogur35lwdrup4d3igtbm3pupc4lyd.onion/	Up		67%

File servers7

Url	Status	Screen	Uptime 30d	Health
http://p6o7m73ujalhgkiv.onion	Down		—
http://2dxxyil6kur3qpht2tkklupdgacrcbfun6qf5jmk3hafmt6n6ockbzid.onion	Down		—
http://goh2zbohdiblk23scvtae7delci5cioy73la2lnrduxutxksl7xiscqd.onion	Down		—
http://t2w5byhtkqkaw6m543i6ax3mamfdy7jkkqsduzzfwhfcep4shqqsd5id.onion	Down		—
http://wxbpssv4hiwlcgt4cxam3cznu4feqgf5pqfibbku3x6dwvtcakdkyeid.onion	Down		—
http://xxbsnxdqmthgpydddmuvg7yzy6pdfnlnlepxa5my4mjiqjsee6yidhyd.onion	Down		—
http://7twfgaqyik3xfuu4.onion	Down		—

Chat servers1

Url	Status	Screen	Uptime 30d	Health
http://ragnarmj3hlykxstyanwtgf33eyacccleg45ctygkuw7dkgysict6xyd.onion/	Down		33%

Activity (interactive) 123

Activity charts

Aggregation Daily Weekly Rolling avg. Off 3 7 14 PNG

Posts123

Date	Title	Description	Screen
2023-10-12	Scotbeef Ltd. - Leaks
2023-10-11	Eicon Controle Inteligentes
2023-10-06	International Presence Ltd - Leaked
2023-10-05	Learning Partnership West - Leaked
2023-10-03	Groupe Fructa Partner - Leaked
2023-09-30	Network Pacific Real Estate - Leak
2023-09-30	Astre - Leaked
2023-09-25	Stratesys Full data leak
2023-09-22	Announcement: COMECA Group going to be Leaked
2023-09-22	Announcement: Skatax Accounting company going to be leaked
2023-09-22	Retail House - Full Leak
2023-09-21	Announcement: Stratesys solutions going to be leaked
2023-09-21	Announcement: Stratesys solutions going to b
2023-09-19	Announcement: Groupe Fructa Partner will be leaked soon
2023-09-19	CITIZEN company LEAKED
2023-09-17	Announcement: Retail House going to be LEAKED
2023-09-15	Updates: Israel "MYMC"
2023-09-06	Israel Medical Center - leaked
2023-09-02	DOIT - Canadian IT company allowed leak of its own clients.
2023-08-08	Batesville didn't react on appeal and allows Full Leak
2023-07-31	Announcement: Batesville Tool & Die, Inc will be leaked in 3 Days
2023-07-10	Belize Electricity Limited - Leaked
2023-07-05	Portugal Scotturb Data Leaked
2023-05-28	Australian Universal Crane Leak
2023-05-18	Autlan Metallorum, Mexican Miner Leak
2023-04-25	CANTALK, Canadian translation services - Leak
2023-03-29	Public Appeal to the CANTALK management
2023-03-29	Temporary Leak Page #0013995NTa
2023-03-03	New Leak in lawyers company AASP.
2023-03-03	New Leak in lawyers company.
2023-02-22	AASP claim there was no data leakage!
2022-12-28	Hundred thousands of personal data, leak preview
2022-12-21	Wrapex Industrial - Leaked
2022-12-20	Serena Hotels - Leaked
2022-12-13	ITONCLOUD - LEAKED
2022-11-25	Essent company - Leaked
2022-11-22	Leak Announcement - IT company ITonCLOUD
2022-11-16	Belgium company Zwijndrecht - Leaked
2022-10-27	DURAVIT A.G. - Announcement before publishing data
2022-10-19	DIPF-INTERN - Leaked
2022-10-19	Dollmar SpA - Leaked
2022-10-13	Fashion company ZIGI NY - Leaked
2022-10-11	DMCI Holding Leaked
2022-10-10	TANG CAPITAL LEAKED
2022-10-06	Avalon luxury transport company - Leaked
2022-10-04	AudioQuest Data Leaked
2022-10-04	Malayan Flour Mills Bhd. Data Leak
2022-09-19	TAP Air Leak of more than 1.5 million of customers and many other.
2022-09-14	DDoS instead of the Discuss - Nice try TAP Air
2022-09-14	TAP AIR PORTUGAL - 115k personal data leak
2022-09-03	TAP Air - First Facts
2022-09-01	USA Insurance company - Smith brothers File tree and some proofs
2022-08-31	Huge drama for Tap Air Portugal
2022-08-23	DESFA - Pipeline company LEAK
2022-08-23	Announcement. Action Lab File-tree
2022-08-19	Greece pipeline company breached - DESFA
2022-08-18	File-tree of Tang Capital
2022-08-02	Puma Biotechnology - decided to allow Leaks
2022-07-19	GENSCO Inc. - allows Leak
2022-07-13	Epec.PL - Lied about the absence of Leak
2022-07-02	New Leak: Northern Data Systems
2022-07-02	New Leak: Prudential LTG.
2022-06-04	Sierra Packaging Leaked
2022-06-01	Jonathan Adler Leaks
2022-05-23	Germany Corporation "VMT-GmbH" Leaked
2022-05-11	Simonson-Lumber decided to be Leaked
2022-04-21	Simonson-Lumber Inc. First batch of Data.
2022-04-06	International Centre Leaked
2022-03-14	Smith Transport Full Leak
2022-03-05	GHI Hornos Industriales Fully Leaked
2022-02-28	GHI Hornos Industriales first batch of Data (0,1%)
2022-01-27	Airspan Networks got Leaked
2022-01-25	IT-companies Subex & Sectrio Leaked
2021-12-15	Company Group LDLC
2021-12-10	Leak of IT company Saksoft
2021-12-09	Full Data Leak Linical
2021-12-04	Update: Linicals Data
2021-12-02	Groupe LDLC is going to be Leaked
2021-11-23	Team Computers Ltd. - Leak
2021-10-30	LINICAL doesn't care about digital hygiene
2021-10-06	Atlas Financial Holdings, Inc. - Leaked
2021-09-14	FULL DATA LEAK of Primary Residential Mortgage, Inc. //
2021-09-11	Primary Residential Mortgage inc. - Leaked
2021-09-09	Who is the real Bad Guys here? Or what recovery experts prefer to keep silent.
2021-07-01	Announcement: FTP
2021-06-23	GATEWAY Property Management
2021-06-06	Software company Xoriant
2021-06-05	New Leak GatewayPM
2021-05-26	NEW Links for ADATA
2021-05-25	ADATA LEAKED
2021-02-08	Webhelp's company - XtraSource
2021-01-26	Ludwig Pfeiffer Leaked
2020-12-24	Grupo SADA Leak
2020-12-23	New Data Leak post from Chemical company
2020-12-18	Kaye/Bassman International - New "Wall of Shamer"
2020-12-14	Cornerstone-BB Group Leaked
2020-12-13	Attention, Dassault Falcon Jet updated
2020-12-12	Advertising Material: Forest Construction Leaked
2020-12-10	LEAK Post Campari Group
2020-12-10	Updates with files in EastCoastSeafood Inc.
2020-12-10	New "WallofShamer" - East Coast Seafood Inc.
2020-12-06	Shasun Chemicals & Drugs Ltd. LEAK
2020-12-05	JMA Energy LEAK
2020-11-30	New Files For Leak Campari Post
2020-11-10	Ragnar_Team Announce of Potential "WallofShamer"
2020-11-08	LEAK Post CAPCOM
2020-11-08	LEAK post FINSA
2020-11-01	Official appeal to DASSAULT FALCON JET
2020-10-30	DASSAULT FALCON JET
2020-10-20	Security breach of CAPCOM network
2020-10-08	Security breach of Campari Group network
2020-09-27	BIOLOGICAL E. Ltd. (BE) LEAK POST
2020-07-13	Insignia Environmental company.
2020-06-22	Astro Industries, Inc.
2020-06-22	Bailey&Galyen Attorney at Law
2020-06-22	New leaks from SOLTEK PACIFIC
2020-06-22	GST Autoleather Company !
2020-06-22	ST Engineering
2020-06-19	Leaks from company EDP Group
2020-06-19	Leaks from company Omniga GmbH & Co.
2020-06-11	Leakage from company Catania, Mahon & Rider, PLLC
2020-06-11	Brunner Announce – Hello World !
2020-06-10	Leaks Company Birch Communications inc.