The Ragnar Locker ransomware gang is adopting a new technique to force victims to pay the ransom, the operators threaten to leak stolen data if the victims contact law enforcement agencies.
The group announced its new strategy with a message on its darknet leak site, the gang also extend the threat to victims that will request the help of data recovery experts and professional negotiators.
“In our practice, we has facing with the professional negotiators much more often in last days. Unfortunately it’s not making the process easier or safer, on the contrary it’s actually makes all even worse. Such negotiator are usually working in recovery-companies affiliated or even working directly in Police/FBI/investigation agency and etc. They are totally not interested in commercial success of their clients or in safety of theirs private data.” reads the announcement.
“So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the Police/FBI/Investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately. Don’t think please that any negotiators will be able to deceive us, we have enough experience and many ways to recognize such a lie. Dear clients if you want to resolve all issues smoothly, don’t ask the Police to do this for you. We will find out and punish with all our efforts.”
The ransomware operator states professional negotiators hired by the victims are not interested in the commercial success of their clients.
In the past, the Ragnar Locker gang hit high-profile organizations such as Japanese gaming firm Capcom, aviation giant Dassault Falcon, and chipmaker ADATA.
In November, the U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.
The report contains other technical details about the ransomware and provides the following recommendations to mitigate the threat:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]