A flash alert published Monday by the Federal Bureau of Investigation underlines how effective the Ranzy Locker ransomware has been against US companies this year. At least 30 US companies have been affected by this cyber threat, which targets various industry sectors, according to the FBI statement.
The FBI issued this flash alert in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA). It was released for informational purposes and was developed to help security professionals with detection and protection techniques that block ransomware attempts.
The report also states that brute forcing Remote Desktop Protocol (RDP) credentials was the most used type of attack for compromising the targeted networks.
Vulnerable Microsoft Exchange servers have also been exploited during the attacks, and phishing represents another segment, in which stolen credentials were reported to be the hackers' primary tool.
The FBI's flash alert covers how Ranzy Locker attacks are deployed and what mitigations can be taken. To help with detection and defense, it also provides YARA rules and technical details about indicators of compromise (IOCs).
An unknown cybercriminal using Ranzy Locker ransomware has compromised more than 30 US companies as of July 2021. (...) Victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.
Ranzy Locker: How it works
As the BleepingComputer publication mentioned, Ranzy Locker works as follows:
- The hackers gain access to the target network.
- Before encrypting systems, they steal unencrypted files, the so-called double extortion.
- The stolen information can be customer data, PII (personally identifiable information), or financial data.
- Basically, the victims are threatened with a data leak if they do not pay the ransom.
- When the victim visits the Tor payment site, they will see a page with the message “Locked by Ranzy Locker”.
- In addition, there is a live chat for negotiation purposes.
- To prove that the provided decryptor works, the threat actors allow the victim to decrypt only three files for free.
Now the question arises: what happens to victims who refuse to pay the ransom? The data stolen by the hackers is said to be published on RanzyLeak, Ranzy Locker's data leak site.
As the same publication states, Ranzy Locker seems to be a rebranded version of ThunderX ransomware and is also derived from Ako ransomware, as Ako ransomware also used the leak site domain currently used by Ranzy Locker.
How to stay safe?
Ransomware is the most popular threat today, and it is difficult to fight because of its advanced techniques. It's important to have the best cybersecurity solutions, especially if you want to protect your business and keep it up and running. Don't let ransomware give you a bad time: check out our Ransomware Encryption Protection, which is packed with efficient detection and stops malicious encryption attempts.
Ranzy Locker affected more than 30 US companies in 2021.
https://heimdalsecurity.com/blog/ranzy-locker-compromised-over-30-us-companies-the-fbi-declares/