Ransomware
Ragnar Locker
First seen: 2019-12 • Status: disrupted
Disrupted by Law Enforcement
Ragnar Locker was clever - they ran their ransomware inside a virtual machine to hide from antivirus. Police finally caught them in 2023.
Overview
Ragnar Locker was known for deploying ransomware inside virtual machines to evade detection. Law enforcement disrupted the group in 2023.
Also Known As
RagnarLocker
How It Spreads
- • RDP exploitation
- • MSP targeting
What It Does
- • VM-based evasion
- • File encryption
- • Data theft
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for VM-based attacks
- • Watch for Ragnar signatures
MITRE ATT&CK Techniques
T1486, T1564
If You're Infected
- 1.
Check for law enforcement decryptors
- 2.
Report to authorities
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required