Ragnarok Group

Hacker Group

Incidents Associated with this Threat Actor

Incident Date Victim Description
2020-04-13 EDP Ransom Attack

10TB of sensitive data stolen and threatened to publish. Requested ransom of 1,580 BTC (Bitcoin – a value of €9.9MM)

Malware Associated with This Threat Actor

Name Type Associated Threat Actor(s) Description
Ragnar Locker Ransomware Ragnarok Group

A new ransomware attack method takes defense evasion to a new level—deploying as a full virtual machine on each targeted device to hide the ransomware from view. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine. The attack payload was a 122 MB installer with a 282 MB virtual image inside—all to conceal a 49 kB ransomware executable.

Reference: https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/


There are no associated references.