Notorious Ransomware Gang Puts Victims on Edge

Ransomware gang demands absolute cooperation from victims, warns against third party involvement

Sept. 17, 2021, 1:04 p.m.

TL;DR

The Ragnar Locker ransomware group sends cold warnings to ransomware victims thinking to involve law enforcement authorities after rounds of operations demanding millions for system recovery.

The warning was clear, victims who contact private investigators and government agencies will suffer data leaks.

Key Facts

1
The group published this announcement on its darknet website a week after rumours of its dissolution.
2
The threat also concerns victims consulting experts to counter-usurp the system.
3
The group also discourages consulting private negotiators due to their ties with law enforcement authorities.
4
Eminent names on the group's victim list include CapCom, ADATA, and Dassault Falcon.

Details

Ransomware victims continue to remain on the hook, with time running out, excessive financial demands, and they are running out of options. Victims on Ragnar Locker's list will be feeling the most pressure after the group announced the warning on its website. Having to adhere to the government's ruling against meeting ransomware demands because of its after-effects on cybercrime rates and remaining on the safe line of its assailants to prevent a massive data leak must be damning.

The announcement came weeks after reports in the media suggested that the group had closed shop. The warning was clear, victims who contact private investigators and government agencies will suffer data leaks. The warning also concerns those consulting external organizations and recovery experts to perform decryption or intercede in negotiations. If these conditions are breached, the group will execute the most dreadful part of a ransomware situation; releasing the data to public view - its .onion site.

The group elucidates that involving professional negotiators only winds them up either to futility or makes the decryption process worse because professional negotiators have direct and indirect contacts in agencies they would instead not get involved with.

So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the police/FBI/investigators, we will consider this as a hostile intent, and we will initiate the publication of whole compromised data immediately,

the group noted on its website.

These hackers are known for their avarice; they are feared for their fastidious modus operandi. They spend quality time on recon, maneuvering through network resources, backup options, and core files they can usurp before the data encryption process. Simply put, they are very thorough.

BleepingComputer attests that game company CapCom, air services company Dassault Falcon, and chipmaker ADATA are on the list of past victims. While they may be past victims, they are not in the clear. Ransomware hackers are recently in the practice of not fulfilling their end of the bargain; they deliberately deliver incomplete decryption leaving a possibility for future attacks.

This would mean these threats are of significant concern to new and old victims. Governments of technologically advanced companies are not compromising on their mandate to stop ransomware victims from paying their attackers because it incentivises their other threat actor groups.