On Saturday, 20 August, Greece’s largest natural gas supplier DESFA said it was hit by a cyber-attack that impacted the availability of some of its systems.
The hacking group operating under the name Ragnar Locker claimed responsibility for the ransomware attack, saying it had published more than 360 GB of data allegedly stolen from DESFA.
Nearly two months after the attack, security researchers from Cybereason have now published a Threat Analysis Report describing the details of the attack.
“Ragnar Locker is a ransomware that has been in use since at least December 2019 and is normally aimed at English-speaking buyers,” reads the document. “The Ragnar Locker ransomware has been on the FBI’s radar since the gang breached more than fifty businesses across 10 critical infrastructure sectors.”
The Cybereason advisory indicates that the first thing Ragnar Locker does after infecting a system is check the infected machine’s locale. If it finds a match with certain countries, such as Russia, Ukraine and Belarus, the malware does not execute, and the process is terminated.
Otherwise, the ransomware begins extracting information about the infected machine and tries to identify the existing file volumes on the host. After the identification phase, Ragnar Locker starts encrypting files and produces a ransom note, which is then displayed to the victim.
Cybereason also says that Ragnar Locker is able to check whether specific products are installed, particularly security software such as antivirus, virtual-based software, backup solutions and IT remote management solutions, in order to circumvent their defenses and avoid detection.
The attack on DESFA marks the second time a major pipeline company has been hit by ransomware in recent times, following the Colonial Pipeline attack in May 2021.
More recently, the UK, US and Australian authorities have issued a joint warning aimed at critical national infrastructure (CNI) companies to step up their security efforts amid a surge in ransomware attacks.