Ragnar Locker: "Talk to Cops or Feds and We Leak Your Data"

Ragnar Locker ransomware gang threatens victims with data leakage if they contact authorities

Alexander Alexander
Sep 8, 2021 - 07:49 Updated: Sep 8, 2021 - 08:03
Ragnar Locker: "Talk to Cops or Feds and We Leak Your Data"
Ragnar Locker: Talk to Cops or Feds and We Leak Your Data | Image Credits : Data Breach Today

As a way of increasing their power to extort money from victims, the developers of the Ragnar Locker ransomware operation have threatened to release stolen data if their victims report the attack to the police or retain the services of professional investigators or negotiators before paying the ransom.

A statement by the Ragnar Locker cybercrime gang reads "If you will hire any recovery company for negotiations or if you will send requests to the police/FBI/investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised data immediately," [...] "Don't think please that any negotiators will be able to deceive us, we have enough experience and many ways to recognize such a lie," according to Bleeping Computer.

Ragnar Locker's circle has attempted to think outside the box in the past. In November, Ragnar Locker hijacked a third-party Facebook account in order to post a message warning Campari, an Italian alcohol manufacturer, that their crypto-locked systems had been compromised and would be exposed unless a ransom was paid. Ragnar Locker has also attempted to think outside the box in other ways. It appears that the current attempt by the blackmailers is geared at pressing their victims to respond rather than to think about their options.

The ransomware operator claims victims who hire expert negotiators only complicate the recovery process

"So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the police/FBI/investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised data immediately," reads the note posted by the cybercriminal group.

The ransomware used by the Ragnar Locker perpetrators is typically manually deployed by them onto victims' PCs, which are then encrypted. Prior to encryption, they scout out network resources, company backups, and other sensitive files to steal.

Ragnar Locker ransomware group posts warning on their darknet leak site | Image Credits: BleepingComputer

Ragnar Locker ransomware group posts warning on their darknet leak site | Image Credits: BleepingComputer

Tags: