Skip to content
Sign In Subscribe
Cybersecurity | english only |NewsCybersecurityEnergyEnglishEnergy | english only |

Ragnar Locker Ransomware Targeting the Energy Sector

 and  Katalin Béres
1 min read

Table of Contents

In this Threat Analysis Report, the Cybereason GSOC investigates the Ragnar Locker malware family, a ransomware and a ransomware operator which has recently claimed to have breached DESFA, a Greek pipeline company.
This report provides context over this recent breach as well as an overview of the Ragnar Locker ransomware through a dynamic analysis and a reverse engineering analysis.
KEY FINDINGS
Breach of a Pipeline Company : DESFA is a strategic energy-related company that has been claimed by Ragnar Locker as their victim.
Security Evasion Capabilities : Ragnar Locker checks if specific products are installed, especially security products (antivirus), virtual-based software, backup solutions and IT remote management solutions.
Ransomware Actors Targeting the Energy Sector : This is the second important pipeline company that has been hit by ransomware, along with Colonial Pipeline. Furthermore, four energy companies have been hit recently by ransomware, including three in Europe.
Active for Three Years : Ragnar Locker is both a ransomware group and the name of the software in use. They have been running since 2019 and targeting critical industries. They use the double extortion scheme.
Excluding the Commonwealth of Independent States : Ragnar Locker avoids being executed from countries since the group is located in the Commonwealth of Independent States (CIS).
THREAT ANALYSIS REPORT: Ragnar Locker Ransomware Targeting the Energy Sector
Ragnar Locker is a ransomware family with security evasion capabilities which is targeting the energy sector and recently claimed to have breached DESFA, a Greek pipeline company...
Cybereason Global SOC Team

#Report

Related

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28
Cybersecurity | english only |

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28

Ukrainian hacktivist team Cyber Resistance hacked the email of Lieutenant Colonel Sergey Alexandrovich Morgachev, an officer of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU), leader of the Russian hacker group APT 28, consisting of officers of the 85th Main Special Service Center of

 and  Katalin Béres
Members Public
Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App
Cybersecurity | english only |

Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App

Hackers may have compromised the networks of thousands of businesses due to a supply-chain attack on the enterprise phone company 3CX, which confirmed on Thursday its desktop app had been bundled with malware. 3CX provides office phone systems to more than 12 million daily users at over 600,000 companies,

 and  Katalin Béres
Members Public
Analysis of the "#VulkanFiles" Leak
Cybersecurity | english only |

Analysis of the "#VulkanFiles" Leak

A whistleblower has provided several media organizations with access to leaked documents from a Russian IT firm named NTC Vulkan (Russian: НТЦ Вулкан) that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools. Journalists from Der Spiegel and Munich-based investigative group Paper

 and  Katalin Béres
Members Public

Latest