Ransomware threats continue to increase in popularity and sophistication. One such threat is Ragnar Locker, a revived ransomware in the Wisconsin region which attacks compromised systems running on Microsoft Windows. Ragnar Locker was originally detected at the end of 2019 and came to prominence after attacking several large organizations, attempting to extort substantial sums of cryptocurrency. It usually targets software used by Managed Service Providers (MSP), preventing the attack from being detected. Read on to learn more about this threat and how your KerberRose Cybersecurity Consultants have the expertise and tools to protect your organization from falling victim to this and other malware attacks.
How Does Ragnar Locker Work?
Ragnar Locker is a kind of ransomware. Ransomware is a type of malware, which threatens to publish or block access to private data, unless a ransom is paid. In general, there are two kinds of ransomware: one which simply locks a system and one which uses crypto viral extortion to encrypt files and make them inaccessible. Ragnar Locker belongs to the second category.
Ragnar Locker uses the “double extortion” tactic. The “double extortion” tactic first entails stealing sensitive files, and then encrypting them. The files are extracted to a dark web site with the attackers threatening to make the files public unless the ransom is paid.
More specifically, Ragnar Locker’s form of attack is to first compromise systems through brute force by guessing weak passwords, purchasing passwords on the dark web, or exploiting social engineering tactics such as spear-phishing. During these initial phases, the ransomware stops critical programs, which Managed Service Providers use to protect their clients’ sensitive data. Files are then uploaded by a network connection to the attackers’ servers. Additionally, affected files are encrypted and made inaccessible to the victim. These files will now contain a ransom note with directions on how to pay the requested ransom in cryptocurrency.
How Can My Company Protect Itself from a Ragnar Locker Attack?
While it’s important to quickly and efficiently spot signs of a potential Ragnar Locker attack, you should have a variety of defenses in place to protect your organization before an attack occurs. We have compiled the following list of recommendations to protect your organization from Ragnar Locker and other ransomware attacks:
- Never open suspicious email attachments or weblinks. If something seems off, immediately alert your IT department.
- Run up-to-date security solutions and ensure your systems are protected with recent security patches.
- Encrypt sensitive data.
- Use multi-factor authentication and complex, difficult-to-guess passwords.
- Make secure backups off-site.
- Establish a regularly tested data backup and recovery procedure.
- Restrict access to shared drives.
- Ensure staff is educated about the risks and methods employed by cyber criminals.
- And most importantly, contract a Managed Service Provider that has the cybersecurity background needed to protect your sensitive data.
This list is not comprehensive; protecting your organization from ransomware and other cyberattacks is a complex and ongoing process. KerberRose Cybersecurity Consultants can assist you in understanding and staying up-to-date on the risks your organization faces and how to alleviate those risks.
To ensure the holistic health of your organization’s systems, our services go beyond ransomware and malware protection. We can help your organization improve internal controls and efficiency by offering cutting edge practices related to risk, governance and compliance. These services include:
- IT Managed Services
- Disaster Backup Recovery
- Penetration and Vulnerability Testing
- SIEM (Security Information and Event Management)
Our consultants also specialize in the following frameworks, controls, and risk management systems:
- System and Organization Control Reporting
- HIPAA Compliance Services
- ISO 27001
- Cybersecurity Framework CSFv1
- SANS Top 20 Critical Security Controls
- NIST 800-53
If your organization could use a Trusted Advisor, contact KerberRose today to discuss creating a partnership.