FBI: Ragnar Locker ransomware breached 52 US critical infrastructure orgs

Shutterstock

The Federal Bureau of Investigation (FBI) claimed on Monday that at the very least 52 critical infrastructure entities have been breached by the Ragnar Locker ransomware group as of January 2022.

In a FLASH advisory that includes details on the indicators of compromise (IOCs) for these types of breaches, the FBI reported the 52 affected organisations have been located throughout 10 distinct sectors including vitality, fiscal services, federal government, and IT.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

Aspects of the specific entities have not been revealed, or the extent to which the ransomware gang was ready to extort the affected organisations. However, just one significant-profile goal of the team was Capcom, the attack on which impacted just about fifty percent a million men and women.

The team has been known to the FBI since April 2020 and in that time Ragnar Locker has motivated the approaches of other ransomware gangs this kind of as Maze and joined a so-referred to as ‘ransomware cartel’ with LockBit, Conti, SunCrypt, and Maze.

The risk to critical infrastructure organisations, particularly from ransomware, has been bigger in the earlier couple decades. Higher profile attacks on the likes of Colonial Pipeline have proved to threat actors that these sorts of organisations cannot afford to pay for downtime, indicating they’re extra very likely to pay a ransom need, regardless of sector information admonishing the apply. 

The FBI even made the uncommon admission in Monday’s FLASH advisory that it understands critical infrastructure organisations may well come to feel they have to have to spend the ransom given the operational importance of their expert services. Though it did reiterate that payment really should by no means be produced.

In light-weight of the heightened risk presented by ransomware, as very well as the the latest conflict in Ukraine, critical infrastructure organisations can reward from a new, no cost cyber security services sent by Cloudflare, CrowdStrike, and Ping Id, as the trio declared the initiative also on Monday.

The cyber security companies announced the start of the Critical Infrastructure Defense Job which will provide cost-free security solutions to critical infrastructure organisations as the risk of cyber attacks from them is considered to have elevated because war broke out in jap Europe. 

Vulnerable organisations can request free access to Cloudflare’s whole suite of zero rely on security products and solutions, CrowdStrike’s endpoint security and intelligence products and services, and Ping Identity’s zero belief identification products and solutions, in addition to a move-by-phase guide on how to defend in opposition to cyber attacks. 

“We depend on our infrastructure to electrical power our houses, to present accessibility to water and simple necessities, and to keep critical obtain to healthcare,” claimed Matthew Prince, co-founder and CEO at Cloudflare. “That’s why it is far more crucial than ever for the security business to band collectively and guarantee that our most critical industries are shielded and organized.”

“We are honoured to arrive jointly with CrowdStrike and Ping Identification for the duration of this time of heightened security risk to shield our nation’s most vulnerable infrastructure.”

The FBI and the US’ Cybersecurity and Infrastructure Security Agency (CISA) explained in February that organisations really should be on significant warn for cyber attacks following the formal invasion of Ukraine by Russia. 

Organisations were being encouraged to patch towards 95 typical security vulnerabilities known to be utilised usually by Russian-joined threat actors and report all incidents to CISA for the purposes of intelligence collecting.