The FBI has warned organizations of a ransomware group that is targeting critical infrastructure sectors in the U.S.
RagnarLocker ransomware, which compromised 52 entities from 10 critical U.S. infrastructure sectors, is deployed by criminals who are part of a ransomware family that targets network resources, backups or other sensitive files in order to encrypt and steal them.
The group has evaded detection by frequently changing its techniques, but the ransomware is commonly identified by the extension “.RGNR_<ID>” or by “RAGNAR_LOCKER”, a name the group uses in its ransom note, which carries instructions on how to pay.
The FBI urged admins and security professionals who detect RagnarLocker activity to share any related information with their local FBI Cyber Squad.
Useful info that would help identify the threat actors behind this ransomware gang includes copies of the ransom notes, ransom demands, malicious activity timelines or payload samples.
The FBI added that paying ransoms will not necessarily prevent leaks of stolen data or future attacks. Instead, ransom payments might further motivate the group to target additional organizations and incentivize other attacks.