Ragnarlocker

Parsing: Enabled

Description

External Analysis
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security
https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police
https://twitter.com/malwrhunterteam/status/1475568201673105409
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/analysis-and-protections-for-ragnarlocker-ransomware.html
http://reversing.fun/posts/2021/04/15/unpacking_ragnarlocker_via_emulation.html
http://reversing.fun/reversing/2021/04/15/unpacking_ragnarlocker_via_emulation.html
https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel
https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf
https://blog.blazeinfosec.com/dissecting-ragnar-locker-the-case-of-edp/
https://blog.bushidotoken.net/2022/05/gamer-cheater-hacker-spy.html
https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/
https://blog.reversing.xyz/docs/posts/unpacking_ragnarlocker_via_emulation/
https://blog.reversing.xyz/reversing/2021/04/15/unpacking_ragnarlocker_via_emulation.html
https://cyware.com/news/ragnar-locker-breached-52-organizations-and-counting-fbi-warns-0588d220/
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://ics-cert.kaspersky.com/media/KASPERSKY_H1_2020_ICS_REPORT_EN.pdf
https://id-ransomware.blogspot.com/2020/02/ragnarlocker-ransomware.html
https://intel471.com/blog/conti-ransomware-cooperation-maze-lockbit-ragnar-locker
https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/
https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
https://news.sophos.com/en-us/2021/02/03/mtr-casebook-uncovering-a-backdoor-implant-in-a-solarwinds-orion-server/
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
https://securelist.com/modern-ransomware-groups-ttps/106824/
https://securelist.com/targeted-ransomware-encrypting-data/99255/
https://seguranca-informatica.pt/ragnar-locker-malware-analysis/
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://twitter.com/AltShiftPrtScn/status/1403707430765273095
https://www.accenture.com/us-en/blogs/cyber-defense/evolving-danger-ransomware-extortion
https://www.accenture.com/us-en/blogs/cyber-defense/moving-left-ransomware-boom
https://www.acronis.com/en-sg/articles/ragnar-locker/
https://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/
https://www.bleepingcomputer.com/news/security/fbi-ransomware-gang-breached-52-us-critical-infrastructure-orgs/
https://www.bleepingcomputer.com/news/security/japanese-game-dev-capcom-hit-by-cyberattack-business-impacted/
https://www.bleepingcomputer.com/news/security/ragnarlocker-ransomware-hits-edp-energy-giant-asks-for-10m/
https://www.capcom.co.jp/ir/english/news/pdf/e210413.pdf
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1
https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/
https://www.ic3.gov/Media/News/2022/220307.pdf
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ragnarlocker-ransomware-threatens-to-release-confidential-information
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
https://www.theregister.com/2022/03/09/fbi_says_ragnar_locker_ransomware/
https://www.waterisac.org/system/files/articles/FLASH-MU-000140-MW.pdf
https://www.zdnet.com/article/capcom-quietly-discloses-cyberattack-impacting-email-file-servers/
Urls
File servers
Chat servers

Posts

Date        Title
2023-10-12  Scotbeef Ltd. - Leaks
2023-10-11  Eicon Controle Inteligentes
2023-10-06  International Presence Ltd - Leaked
2023-10-05  Learning Partnership West - Leaked
2023-10-03  Groupe Fructa Partner - Leaked
2023-09-30  Network Pacific Real Estate - Leak
2023-09-30  Astre - Leaked
2023-09-25  Stratesys Full data leak
2023-09-22  Announcement: COMECA Group going to be Leaked
2023-09-22  Announcement: Skatax Accounting company going to be leaked
2023-09-22  Retail House - Full Leak
2023-09-21  Announcement: Stratesys solutions going to be leaked
2023-09-21  Announcement: Stratesys solutions going to b
2023-09-19  Announcement: Groupe Fructa Partner will be leaked soon
2023-09-19  CITIZEN company LEAKED
2023-09-17  Announcement: Retail House going to be LEAKED
2023-09-15  Updates: Israel "MYMC"
2023-09-06  Israel Medical Center - leaked
2023-09-02  DOIT - Canadian IT company allowed leak of its own clients.
2023-08-08  Batesville didn't react on appeal and allows Full Leak
2023-07-31  Announcement: Batesville Tool & Die, Inc will be leaked in 3 Days
2023-07-10  Belize Electricity Limited - Leaked
2023-07-05  Portugal Scotturb Data Leaked
2023-05-28  Australian Universal Crane Leak
2023-05-18  Autlan Metallorum, Mexican Miner Leak
2023-04-25  CANTALK, Canadian translation services - Leak
2023-03-29  Public Appeal to the CANTALK management
2023-03-29  Temporary Leak Page #0013995NTa
2023-03-03  New Leak in lawyers company AASP.
2023-03-03  New Leak in lawyers company.
2023-02-22  AASP claim there was no data leakage!
2022-12-28  Hundred thousands of personal data, leak preview
2022-12-21  Wrapex Industrial - Leaked
2022-12-20  Serena Hotels - Leaked
2022-12-13  ITONCLOUD - LEAKED
2022-11-25  Essent company - Leaked
2022-11-22  Leak Announcement - IT company ITonCLOUD
2022-11-16  Belgium company Zwijndrecht - Leaked
2022-10-27  DURAVIT A.G. - Announcement before publishing data
2022-10-19  DIPF-INTERN - Leaked
2022-10-19  Dollmar SpA - Leaked
2022-10-13  Fashion company ZIGI NY - Leaked
2022-10-11  DMCI Holding Leaked
2022-10-10  TANG CAPITAL LEAKED
2022-10-06  Avalon luxury transport company - Leaked
2022-10-04  AudioQuest Data Leaked
2022-10-04  Malayan Flour Mills Bhd. Data Leak
2022-09-19  TAP Air Leak of more than 1.5 million of customers and many other.
2022-09-14  DDoS instead of the Discuss - Nice try TAP Air
2022-09-14  TAP AIR PORTUGAL - 115k personal data leak
2022-09-03  TAP Air - First Facts
2022-09-01  USA Insurance company - Smith brothers File tree and some proofs
2022-08-31  Huge drama for Tap Air Portugal
2022-08-23  DESFA - Pipeline company LEAK
2022-08-23  Announcement. Action Lab File-tree
2022-08-19  Greece pipeline company breached - DESFA
2022-08-18  File-tree of Tang Capital
2022-08-02  Puma Biotechnology - decided to allow Leaks
2022-07-19  GENSCO Inc. - allows Leak
2022-07-13  Epec.PL - Lied about the absence of Leak
2022-07-02  New Leak: Northern Data Systems
2022-07-02  New Leak: Prudential LTG.
2022-06-04  Sierra Packaging Leaked
2022-06-01  Jonathan Adler Leaks
2022-05-23  Germany Corporation "VMT-GmbH" Leaked
2022-05-11  Simonson-Lumber decided to be Leaked
2022-04-21  Simonson-Lumber Inc. First batch of Data.
2022-04-06  International Centre Leaked
2022-03-14  Smith Transport Full Leak
2022-03-05  GHI Hornos Industriales Fully Leaked
2022-02-28  GHI Hornos Industriales first batch of Data (0,1%)
2022-01-27  Airspan Networks got Leaked
2022-01-25  IT-companies Subex & Sectrio Leaked
2021-12-15  Company Group LDLC
2021-12-10  Leak of IT company Saksoft
2021-12-09  Full Data Leak Linical
2021-12-04  Update: Linicals Data
2021-12-02  Groupe LDLC is going to be Leaked
2021-11-23  Team Computers Ltd. - Leak
2021-10-30  LINICAL doesn't care about digital hygiene
2021-10-06  Atlas Financial Holdings, Inc. - Leaked
2021-09-14  FULL DATA LEAK of Primary Residential Mortgage, Inc. //
2021-09-11  Primary Residential Mortgage inc. - Leaked
2021-09-09  Who is the real Bad Guys here? Or what recovery experts prefer to keep silent.
2021-07-01  Announcement: FTP
2021-06-23  GATEWAY Property Management
2021-06-06  Software company Xoriant
2021-06-05  New Leak GatewayPM
2021-05-26  NEW Links for ADATA
2021-05-25  ADATA LEAKED
2021-02-08  Webhelp's company - XtraSource
2021-01-26  Ludwig Pfeiffer Leaked
2020-12-24  Grupo SADA Leak
2020-12-23  New Data Leak post from Chemical company
2020-12-18  Kaye/Bassman International - New "Wall of Shamer"
2020-12-14  Cornerstone-BB Group Leaked
2020-12-13  Attention, Dassault Falcon Jet updated
2020-12-12  Advertising Material: Forest Construction Leaked
2020-12-10  LEAK Post Campari Group
2020-12-10  Updates with files in EastCoastSeafood Inc.
2020-12-10  New "WallofShamer" - East Coast Seafood Inc.
2020-12-06  Shasun Chemicals & Drugs Ltd. LEAK
2020-12-05  JMA Energy LEAK
2020-11-30  New Files For Leak Campari Post
2020-11-10  Ragnar_Team Announce of Potential "WallofShamer"
2020-11-08  LEAK Post CAPCOM
2020-11-08  LEAK post FINSA
2020-11-01  Official appeal to DASSAULT FALCON JET
2020-10-30  DASSAULT FALCON JET
2020-10-20  Security breach of CAPCOM network
2020-10-08  Security breach of Campari Group network
2020-09-27  BIOLOGICAL E. Ltd. (BE) LEAK POST
2020-07-13  Insignia Environmental company.
2020-06-22  Astro Industries, Inc.
2020-06-22  Bailey&Galyen Attorney at Law
2020-06-22  New leaks from SOLTEK PACIFIC
2020-06-22  GST Autoleather Company !
2020-06-22  ST Engineering
2020-06-19  Leaks from company EDP Group
2020-06-19  Leaks from company Omniga GmbH & Co.
2020-06-11  Leakage from company Catania, Mahon & Rider, PLLC
2020-06-11  Brunner Announce – Hello World !
2020-06-10  Leaks Company Birch Communications inc.