What You Need to Know About The Latest Ragnar Locker Ransomware Attack

The Ragnar Locker Virus is not one you may have heard about, but if you’re a gamer, you’ll be hearing plenty about it soon enough. It’s been around for roughly a year, making its debut in December of 2019. It is a data encryption malware that specifically targets Microsoft Windows operating systems, and it appears to be more sophisticated than its predecessors. This new ransomware made headlines this week when it was revealed that on November 5th videogame giant Capcom succumbed to an attack that affected certain systems like file systems and emails and reportedly encrypted 1 terabyte of sensitive data. If you are unfamiliar with what ransomware attacks are, we’ve covered it in a previous blog, so click here to get caught up and then come back and finish reading!

Anyone who has played “Resident Evil”, “Darkstalkers”, or “Street Fighter” will be familiar with the multi-million dollar Japanese gaming company that started back in the late 1970s. And although they are claiming that no customer data was stolen, we thought it was still worth looking into. The attack was first detected on the morning of Monday, November 2nd when it was confirmed that an unauthorized third party hacked into their database. Capcom halted some of its internal operations later that day.

“Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders.” the company stated in a release on its website. “ Further, it stated that at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company’s games online or access to its various websites”.

According to their website, they have involved police and other authorities to aid them in their investigation. You can read their official statement here. According to Bleeping Computer, a website that covers technology news, they got a copy of the ransom note delivered to Capcom, and it claims that the cyber-terrorists downloaded more than 1 TB of company data which included financial files and banking statements, corporate agreements and contracts, intellectual property, non-disclosure agreements, and private corporate correspondences such as emails, audit reports, and marketing presentations.

So be aware that if you have every shared any sensitive information with Capcom, it is possible that it may very well be in the hands of cyber-criminals, and be extra cautious of any suspicious emails claiming to be from them.

How is Ragnar Locker Ransomware different?

This year in general has seen a spike in normal ransomware targeting, with hospitals, universities, and even county elections falling victims to malicious attacks. Cyber-terrorists are particularly ruthless because they have leveraged every possible advantage during the pandemic to grow rich off of the misfortune of others.

Case in point: earlier this year in April, Portuguese media reported that Energias de Portugal, an international energy giant, and one of the largest European operators in energy and wind sectors, was hit by a Ragnar Locker attack while the country was experiencing a state of emergency due to COVID-19. There are conflicting reports as to how much money was demanded, but it was rumored to be close to 10 million euros. It is also widely believed that many of these types of ransomware operations are created in Russia or other CIS countries. The following is an actual Ragnar Locker ransom note:

“It’s not late to say happy new year right? but how didn’t i bring a gift as the first time we met #what happend to your files? Unfortunately your files are encrypted with rsa4096 and aes encryption,you won’t decrypt your files without our tool but don’t worry,you can follow the instructions to decrypt your files

1.obviously you need a decrypt tool so that you can decrypt all of your files

2.contact with us for our btcoin address and send us your DEVICE ID after you decide to pay

3.i will reply a specific price e.g 1.0011 or 0.9099 after i received your mail including your DEVICE ID

4.i will send your personal decrypt tool only work on your own machine after i had check the ransom paystatus

5.you can provide a file less than 1M for us to prove that we can decrypt your files after you paid

6.it’s wise to pay as soon as possible it wont make you more losses

the ransome: 1 btcoin for per machine,5 bitcoins for all machines

how to buy bitcoin and transfer? i think you are very good at googlesearch

asgardmaster5@protonmail.com

ragnar0k@ctemplar.com

j.jasonm@yandex.com

Attention:if you wont pay the ransom in five days, all of your files will be made public on internet and will be deleted.”

What distinguishes Ragnar Locker Ransomware from other types of ransomware is that it is significantly more sophisticated than its predecessors. Specifically, its a new data encryption malware, that as we mentioned previously, targets operating systems that run on Microsoft Windows.

Ragnar Locker is not a one-and-done virus. The attack rolls out in stages. First, the cyber-criminals inject a module that will collect sensitive data from machines that have already been compromised and infected. From there, that data is uploaded to their servers. The perpetrators behind the malware then notify the victim of the breach, and that this sensitive data will be released to the public if a ransom is not paid.

Ragnar Locker Prevention

At present time, it’s estimated that over 80,0000 companies are vulnerable to this type of attack, with entities in the United States topping the list.

There are two main things you can do to protect your business and lessen the chances that your data will be held for ransom. The first is ensuring that any CITRIX ADC servers are up to date and that your CVE-2019-19781 vulnerability is patched. The second is making sure that Windows 10 Tamper Protection is turned on.

If this terminology is confusing and you sense that you’re in over your head, trust your gut and reach out to us to schedule a free consultation to talk about creating and implementing a Disaster Recovery Plan for you today!

Photo by Mateo Vrbnjak on Unsplash

tags