FBI Says Ranzy Locker Ransomware Encrypted 30 US Companies This Year

The FBI said that the operators of the Ranzy Locker ransomware have compromised more than 30 US companies. The agency noted that the attackers hit organizations across several industry sectors rather than focusing on a single one.

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP: WHITE flash alert. “The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

The FBI has issued a flash alert together with the Cybersecurity and Infrastructure Security Agency (CISA) to warn about various types of ransomware attacks.

Most of the Ranzy Locker victims told the FBI that the attackers gained initial access by brute-forcing Remote Desktop Protocol (RDP) credentials.

In other cases the attackers exploited known Microsoft Exchange Server vulnerabilities or logged in with credentials stolen in earlier phishing attacks.
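Because brute-forced RDP credentials were the most common way in, the check most defenders want here is a detection over Windows Security logon events. The following is an added example written for this article, not code from the FBI flash alert: it runs over a constructed set of event 4625 (failed logon) and 4624 (successful logon) records, alerts when one source address exceeds a threshold of RDP logon failures inside a sliding window, and separately flags a successful logon from a source that has just produced such a burst, which is the pattern a guessed password leaves behind. The field names mirror the real event fields; the addresses, user names and timestamps are invented for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types that correspond to RDP sessions. 10 = RemoteInteractive;
# failures rejected at the Network Level Authentication stage are commonly
# logged as logon type 3 (Network), so both are counted as RDP attempts.
RDP_LOGON_TYPES = {3, 10}


def _ev(ts, event_id, user, ip, logon_type):
    """Build one record shaped like a parsed Windows Security event."""
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "TargetUserName": user, "IpAddress": ip, "LogonType": logon_type}


# Constructed sample events (not real telemetry). 10.0.0.5 sprays several
# accounts, then succeeds as "backup"; 203.0.113.7 has two failures far apart;
# 10.0.0.9 is a normal successful session.
SAMPLE_EVENTS = [
    _ev("2021-07-01T12:00:00", 4625, "administrator", "10.0.0.5", 3),
    _ev("2021-07-01T12:00:10", 4625, "admin", "10.0.0.5", 3),
    _ev("2021-07-01T12:00:20", 4625, "backup", "10.0.0.5", 3),
    _ev("2021-07-01T12:00:25", 4625, "jsmith", "203.0.113.7", 10),
    _ev("2021-07-01T12:00:30", 4625, "scan", "10.0.0.5", 3),
    _ev("2021-07-01T12:00:40", 4625, "test", "10.0.0.5", 3),
    _ev("2021-07-01T12:00:45", 4624, "jsmith", "10.0.0.9", 10),
    _ev("2021-07-01T12:00:50", 4625, "backup", "10.0.0.5", 3),
    _ev("2021-07-01T12:01:10", 4624, "backup", "10.0.0.5", 10),
    _ev("2021-07-01T12:30:00", 4625, "jsmith", "203.0.113.7", 10),
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for RDP brute-force bursts and for logons that succeed
    right after such a burst from the same source address."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerted = {}                   # source IP -> time of the last burst alert
    alerts = []
    for e in sorted(events, key=lambda e: e["time"]):
        if e["LogonType"] not in RDP_LOGON_TYPES:
            continue
        ip, now = e["IpAddress"], e["time"]
        q = failures[ip]
        # Drop failures that have fallen out of the sliding window.
        while q and now - q[0] > window:
            q.popleft()
        if e["event_id"] == 4625:
            q.append(now)
            # Alert once per window per source, not on every extra failure.
            if len(q) >= threshold and (ip not in alerted or now - alerted[ip] > window):
                alerted[ip] = now
                alerts.append({"type": "rdp_bruteforce", "source": ip,
                               "time": now, "failures": len(q)})
        elif e["event_id"] == 4624 and len(q) >= threshold:
            # A success from a source that just burned through a burst of
            # failures is the signature of a guessed or sprayed password.
            alerts.append({"type": "rdp_success_after_bruteforce", "source": ip,
                           "time": now, "user": e["TargetUserName"]})
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(a)
```

The threshold and window are deliberately parameters: on an internet-exposed RDP host a handful of failures per minute from one address is already suspicious, while a jump host used by many administrators may need a higher bar. The second alert type is the more actionable one, since it names the account whose password was guessed and should be reset, and it is the one that a plain failure counter misses.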

Ranzy Locker follows the double-extortion model used by many other ransomware groups: the operators first steal sensitive documents from the victim's network, then encrypt the systems. The exfiltrated files, which include customer data and financial records, give the attackers a second lever to force payment beyond the encryption itself.

Victims who visit the group's negotiation site are offered a live chat with the operators, and as proof that decryption works the operators let them restore a few files for free. If a victim does not pay, the attackers publish the stolen documents on Ranzy Locker's data leak site.

The leak site's domain was previously used by the Ako ransomware operation, which was later rebranded as ThunderX and then as Ranzy Locker.

ThunderX launched in August 2020 but shipped with flaws in its encryption implementation. The operators fixed those bugs soon afterwards and relaunched the ransomware under the Ranzy Locker name.

The FBI's flash alert also provides technical details on the tactics observed in Ranzy Locker attacks, together with recommended mitigations and instructions for putting them in place.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.