Ransomware.live - Group : Ragnarlocker

Ransomware Group:

Ragnarlocker

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Sites

Favicon	Title	Type	Available	Last Visit	FQDN	Screenshot
	None		🔴	2025-01-28 10:00:56.989348	rgleak7op734elep.onion	N/A
	None		🔴	2025-01-28 10:02:01.129796	rgleaktxuey67yrgspmhvtnrqtgogur35lwdrup4d3igtbm3pupc4lyd.onion	N/A
	None		🔴	2025-01-28 10:02:15.563064	p6o7m73ujalhgkiv.onion	N/A
			🟢	2025-02-21 16:01:56.008369	ragnarnwvli32xnmwudsvhbl7klzmofxeylyhcqfc5ifx5mbybq3ekqd.onion	📸

External information

https://www.sygnia.co/blog/threat-actor-spotlight-ragnarlocker-ransomware/

Tools used

Discovery	RMM Tools	Defense Evasion	Credential Theft	OffSec	Networking	LOLBAS	Exfiltration
Advanced Port Scanner	AnyDesk	VirtualBox		Cobalt Strike		PsExec
Dsquery	Remote Manipulator System (RMS)					WMIC
PsInfo	RemoteUtilities
SoftPerfect LanSearchPro

This information is provided by Ransomware-Tool-Matrix

Yara Rules

Click here to open yara rules

Ransom Note(s)

Click here to see Ransom Note(s)

Activity over time

Worldmap

128 Victims

Scotbeef Ltd. - Leaks

Ransomware Group:

Discovery Date: 2023-10-11 22:11

Sector:

Victim: | Group:

Eicon Controle Inteligentes

Ransomware Group:

Discovery Date: 2023-10-11 19:12

Sector:

Victim: | Group:

International Presence Ltd - Leaked

Ransomware Group:

Discovery Date: 2023-10-06 16:13

Sector:

Victim: | Group:

Learning Partnership West - Leaked

Ransomware Group:

Discovery Date: 2023-10-05 14:39

Sector:

Victim: | Group:

Groupe Fructa Partner - Leaked

Ransomware Group:

Discovery Date: 2023-10-03 16:20

Sector:

Victim: | Group:

Network Pacific Real Estate - Leak

Ransomware Group:

Discovery Date: 2023-09-30 17:42

Sector:

Victim: | Group:

Astre - Leaked

Ransomware Group:

Discovery Date: 2023-09-30 17:42

Sector:

Victim: | Group:

Stratesys Full data leak

Ransomware Group:

Discovery Date: 2023-09-25 14:42

Sector:

Victim: | Group:

Announcement: COMECA Group going to be Leaked

Ransomware Group:

Discovery Date: 2023-09-22 17:45

Sector:

Victim: | Group:

Announcement: Skatax Accounting company going to be leaked

Ransomware Group:

Discovery Date: 2023-09-22 16:13

Sector:

Victim: | Group:

Retail House - Full Leak

Ransomware Group:

Discovery Date: 2023-09-22 13:15

Sector:

Victim: | Group:

Announcement: Stratesys solutions going to be leaked

Ransomware Group:

Discovery Date: 2023-09-21 16:12

Sector:

Victim: | Group:

Announcement: Stratesys solutions going to b

Ransomware Group:

Discovery Date: 2023-09-21 14:44

Sector:

Victim: | Group:

Announcement: Groupe Fructa Partner will be leaked soon

Ransomware Group:

Discovery Date: 2023-09-19 20:42

Sector:

Victim: | Group:

CITIZEN company LEAKED

Ransomware Group:

Discovery Date: 2023-09-18 23:42

Estimated Attack Date: 2023-09-17

Sector:

Victim: | Group:

Announcement: Retail House going to be LEAKED

Ransomware Group:

Discovery Date: 2023-09-17 17:40

Sector:

Victim: | Group:

Updates: Israel "MYMC"

Ransomware Group:

Discovery Date: 2023-09-15 17:39

Sector:

Victim: | Group:

Israel Medical Center - leaked

Ransomware Group:

Discovery Date: 2023-09-06 20:39

Sector:

Victim: | Group:

DOIT - Canadian IT company allowed leak of its own clients.

Ransomware Group:

Discovery Date: 2023-09-02 13:10

Sector:

Victim: | Group:

Batesville didn't react on appeal and allows Full Leak

Ransomware Group:

Discovery Date: 2023-08-08 19:04

Sector:

Victim: | Group:

Batesville Tool & Die, Inc will be leaked in 3 Days

Ransomware Group:

Discovery Date: 2023-07-31 17:07

Sector:

Victim: | Group:

Belize Electricity Limited - Leaked

Ransomware Group:

Discovery Date: 2023-07-10 16:09

Sector:

Victim: | Group:

Portugal Scotturb Data Leaked

Ransomware Group:

Discovery Date: 2023-07-05 13:58

Sector:

Victim: | Group:

Australian Universal Crane Leak

Ransomware Group:

Discovery Date: 2023-05-28 10:17

Sector:

Victim: | Group:

Autlan Metallorum, Mexican Miner Leak

Ransomware Group:

Discovery Date: 2023-05-18 17:53

Sector:

Victim: | Group:

CANTALK, Canadian translation services - Leak

Ransomware Group:

Discovery Date: 2023-04-25 18:53

Sector:

Victim: | Group:

Public Appeal to the CANTALK management

Ransomware Group:

Discovery Date: 2023-03-29 19:19

Sector:

Victim: | Group:

Temporary Leak Page #0013995NTa

Ransomware Group:

Discovery Date: 2023-03-29 19:19

Estimated Attack Date: 2023-03-10

Sector:

Victim: | Group:

New Leak in lawyers company AASP.

Ransomware Group:

Discovery Date: 2023-03-03 19:30

Sector:

Victim: | Group:

New Leak in lawyers company.

Ransomware Group:

Discovery Date: 2023-03-03 17:26

Sector:

Group:

AASP claim there was no data leakage!

Ransomware Group:

Discovery Date: 2023-02-22 19:25

Sector:

Victim: | Group:

Hundred thousands of personal data, leak preview

Ransomware Group:

Discovery Date: 2022-12-28 17:20

Sector:

AOAL - Azienda Ospedaliera di Alessandria

Victim: | Group:

Wrapex Industrial - Leaked

Ransomware Group:

Discovery Date: 2022-12-20 21:02

Sector:

Victim: | Group:

Serena Hotels - Leaked

Ransomware Group:

Discovery Date: 2022-12-20 16:52

Sector:

Victim: | Group:

ITONCLOUD - LEAKED

Ransomware Group:

Discovery Date: 2022-12-13 19:00

Sector:

Victim: | Group:

Essent company - Leaked

Ransomware Group:

Discovery Date: 2022-11-25 15:09

Sector:

Victim: | Group:

Leak Announcement - IT company ITonCLOUD

Ransomware Group:

Discovery Date: 2022-11-22 10:02

Sector:

Victim: | Group:

Belgium company Zwijndrecht - Leaked

Ransomware Group:

Discovery Date: 2022-11-16 17:57

Sector:

Victim: | Group:

DURAVIT A.G. - Announcement before publishing data

Ransomware Group:

Discovery Date: 2022-10-27 21:59

Sector:

Group:

Dollmar SpA - Leaked

Ransomware Group:

Discovery Date: 2022-10-19 03:11

Sector:

Victim: | Group:

DIPF-INTERN - Leaked

Ransomware Group:

Discovery Date: 2022-10-18 23:41

Sector:

Victim: | Group:

Fashion company ZIGI NY - Leaked

Ransomware Group:

Discovery Date: 2022-10-13 17:09

Sector:

Victim: | Group:

DMCI Holding Leaked

Ransomware Group:

Discovery Date: 2022-10-10 23:44

Sector:

Victim: | Group:

TANG CAPITAL LEAKED

Ransomware Group:

Discovery Date: 2022-10-10 17:37

Sector:

Victim: | Group:

Avalon luxury transport company - Leaked

Ransomware Group:

Discovery Date: 2022-10-05 15:58

Sector:

Victim: | Group:

AudioQuest Data Leaked

Ransomware Group:

Discovery Date: 2022-10-03 21:44

Sector:

Group:

Malayan Flour Mills Bhd. Data Leak

Ransomware Group:

Discovery Date: 2022-10-03 19:50

Sector:

Group:

Who is the real Bad Guys here? Or what recovery experts prefer to keep silent.

Ransomware Group:

Discovery Date: 2022-09-19 22:43

Sector:

Group:

TAP Air Leak of more than 1.5 million of customers and many other.

Ransomware Group:

Discovery Date: 2022-09-19 21:05

Sector:

Group:

TAP AIR PORTUGAL - 115k personal data leak

Ransomware Group:

Discovery Date: 2022-09-12 20:52

Sector:

Group:

DDoS instead of the Discuss - Nice try TAP Air

Ransomware Group:

Discovery Date: 2022-09-07 07:33

Sector:

Group:

TAP Air - First Facts

Ransomware Group:

Discovery Date: 2022-09-02 23:01

Sector:

Group:

USA Insurance company - Smith brothers File tree and some proofs

Ransomware Group:

Discovery Date: 2022-08-31 22:46

Sector:

Group:

Huge drama for Tap Air Portugal

Ransomware Group:

Discovery Date: 2022-08-31 16:49

Sector:

Group:

Announcement. Action Lab File-tree

Ransomware Group:

Discovery Date: 2022-08-23 15:14

Sector:

Group:

DESFA - Pipeline company LEAK

Ransomware Group:

Discovery Date: 2022-08-23 13:12

Sector:

Group:

Greece pipeline company breached - DESFA

Ransomware Group:

Discovery Date: 2022-08-19 18:42

Sector:

Group:

File-tree of Tang Capital

Ransomware Group:

Discovery Date: 2022-08-18 12:57

Sector:

Group:

Puma Biotechnology - decided to allow Leaks

Ransomware Group:

Discovery Date: 2022-08-02 10:43

Sector:

Group:

GENSCO Inc. - allows Leak

Ransomware Group:

Discovery Date: 2022-07-19 18:32

Sector:

Group:

Epec.PL - Lied about the absence of Leak

Ransomware Group:

Discovery Date: 2022-07-13 18:24

Sector:

Group:

New Leak: Prudential LTG.

Ransomware Group:

Discovery Date: 2022-06-24 16:59

Sector:

Group:

New Leak: Northern Data Systems

Ransomware Group:

Discovery Date: 2022-06-23 22:45

Sector:

Group:

Sierra Packaging Leaked

Ransomware Group:

Discovery Date: 2022-06-04 00:37

Sector:

Group:

Jonathan Adler Leaks

Ransomware Group:

Discovery Date: 2022-06-01 13:52

Sector:

Group:

Germany Corporation "VMT-GmbH" Leaked

Ransomware Group:

Discovery Date: 2022-05-23 21:28

Sector:

Group:

Simonson-Lumber decided to be Leaked

Ransomware Group:

Discovery Date: 2022-05-11 19:25

Sector:

Group:

Simonson-Lumber Inc. First batch of Data.

Ransomware Group:

Discovery Date: 2022-04-20 23:37

Sector:

Group:

International Centre Leaked

Ransomware Group:

Discovery Date: 2022-04-06 20:21

Sector:

Group:

Smith Transport Full Leak

Ransomware Group:

Discovery Date: 2022-03-14 17:21

Sector:

Group:

GHI Hornos Industriales Fully Leaked

Ransomware Group:

Discovery Date: 2022-03-04 23:21

Sector:

Group:

GHI Hornos Industriales first batch of Data (0,1%)

Ransomware Group:

Discovery Date: 2022-02-28 17:30

Sector:

Group:

Airspan Networks got Leaked

Ransomware Group:

Discovery Date: 2022-01-25 15:27

Sector:

Group:

IT-companies Subex & Sectrio Leaked

Ransomware Group:

Discovery Date: 2022-01-08 21:18

Sector:

Group:

Company Group LDLC

Ransomware Group:

Discovery Date: 2021-12-15 03:58

Sector:

Group:

Leak of IT company Saksoft

Ransomware Group:

Discovery Date: 2021-12-10 19:56

Sector:

Group:

Full Data Leak Linical

Ransomware Group:

Discovery Date: 2021-12-09 18:00

Sector:

Group:

Update: Linicals Data

Ransomware Group:

Discovery Date: 2021-12-04 05:01

Sector:

Group:

Groupe LDLC is going to be Leaked

Ransomware Group:

Discovery Date: 2021-12-02 17:57

Sector:

Group:

Team Computers Ltd. - Leak

Ransomware Group:

Discovery Date: 2021-11-23 21:55

Sector:

Group:

LINICAL doesn't care about digital hygiene

Ransomware Group:

Discovery Date: 2021-10-30 18:59

Sector:

Group:

Atlas Financial Holdings, Inc. - Leaked

Ransomware Group:

Discovery Date: 2021-10-06 19:41

Sector:

Group:

FULL DATA LEAK of Primary Residential Mortgage, Inc. //

Ransomware Group:

Discovery Date: 2021-09-14 15:10

Sector:

Group:

Primary Residential Mortgage inc. - Leaked

Ransomware Group:

Discovery Date: 2021-09-11 14:12

Sector:

Group:

Who is the real Bad Guys here? Or what recovery experts prefer to keep silent.

Ransomware Group:

Discovery Date: 2021-09-09 23:57

Sector:

Group:

Announcement: FTP

Ransomware Group:

Discovery Date: 2021-07-01 00:00

Sector:

Group:

GATEWAY Property Management

Ransomware Group:

Discovery Date: 2021-06-23 00:00

Sector:

Group:

Software company Xoriant

Ransomware Group:

Discovery Date: 2021-06-06 00:00

Sector:

Group:

New Leak GatewayPM

Ransomware Group:

Discovery Date: 2021-06-05 00:00

Sector:

Group:

NEW Links for ADATA

Ransomware Group:

Discovery Date: 2021-05-26 00:00

Sector:

Group:

ADATA LEAKED

Ransomware Group:

Discovery Date: 2021-05-25 00:00

Sector:

Group:

ADATA

Ransomware Group:

Discovery Date: 2021-05-01 00:00

Sector: Critical Manufacturing

Group:

Webhelp's company - XtraSource

Ransomware Group:

Discovery Date: 2021-02-08 00:00

Sector:

Group:

Ludwig Pfeiffer Leaked

Ransomware Group:

Discovery Date: 2021-01-26 00:00

Sector:

Group:

Grupo SADA Leak

Ransomware Group:

Discovery Date: 2020-12-24 00:00

Sector:

Group:

New Data Leak post from Chemical company

Ransomware Group:

Discovery Date: 2020-12-23 00:00

Sector:

Group:

Kaye/Bassman International - New "Wall of Shamer"

Ransomware Group:

Discovery Date: 2020-12-18 00:00

Sector:

Group:

Cornerstone-BB Group Leaked

Ransomware Group:

Discovery Date: 2020-12-14 00:00

Sector:

Group:

Attention, Dassault Falcon Jet updated

Ransomware Group:

Discovery Date: 2020-12-13 00:00

Sector:

Group:

Advertising Material: Forest Construction Leaked

Ransomware Group:

Discovery Date: 2020-12-12 00:00

Sector:

Group:

LEAK Post Campari Group

Ransomware Group:

Discovery Date: 2020-12-10 00:00

Sector:

Group:

Updates with files in EastCoastSeafood Inc.

Ransomware Group:

Discovery Date: 2020-12-10 00:00

Sector:

Group:

New "WallofShamer" - East Coast Seafood Inc.

Ransomware Group:

Discovery Date: 2020-12-10 00:00

Sector:

Group:

Shasun Chemicals & Drugs Ltd. LEAK

Ransomware Group:

Discovery Date: 2020-12-06 00:00

Sector:

Group:

JMA Energy LEAK

Ransomware Group:

Discovery Date: 2020-12-05 00:00

Sector:

Group:

New Files For Leak Campari Post

Ransomware Group:

Discovery Date: 2020-11-30 00:00

Sector:

Group:

Ragnar_Team Announce of Potential "WallofShamer"

Ransomware Group:

Discovery Date: 2020-11-10 00:00

Sector:

Group:

LEAK Post CAPCOM

Ransomware Group:

Discovery Date: 2020-11-08 00:00

Sector:

Group:

LEAK post FINSA

Ransomware Group:

Discovery Date: 2020-11-08 00:00

Sector:

Group:

Campari Group

Ransomware Group:

Discovery Date: 2020-11-01 00:00

Sector: Food and Agriculture

Group:

Official appeal to DASSAULT FALCON JET

Ransomware Group:

Discovery Date: 2020-11-01 00:00

Sector:

Group:

DASSAULT FALCON JET

Ransomware Group:

Discovery Date: 2020-10-30 00:00

Sector:

Group:

Security breach of CAPCOM network

Ransomware Group:

Discovery Date: 2020-10-20 00:00

Sector:

Group:

Security breach of Campari Group network

Ransomware Group:

Discovery Date: 2020-10-08 00:00

Sector:

Group:

CMA CGM (french carrier, container line)

Ransomware Group:

Discovery Date: 2020-09-28 00:00

Sector: Transportation Systems

Group:

BIOLOGICAL E. Ltd. (BE) LEAK POST

Ransomware Group:

Discovery Date: 2020-09-27 00:00

Sector:

Group:

Insignia Environmental company.

Ransomware Group:

Discovery Date: 2020-07-13 00:00

Sector:

Group:

Astro Industries, Inc.

Ransomware Group:

Discovery Date: 2020-06-22 00:00

Sector:

Group:

Bailey&Galyen Attorney at Law

Ransomware Group:

Discovery Date: 2020-06-22 00:00

Sector:

Group:

New leaks from SOLTEK PACIFIC

Ransomware Group:

Discovery Date: 2020-06-22 00:00

Sector:

Group:

GST Autoleather Company !

Ransomware Group:

Discovery Date: 2020-06-22 00:00

Sector:

Group:

ST Engineering

Ransomware Group:

Discovery Date: 2020-06-22 00:00

Sector:

Group:

Leaks from company EDP Group

Ransomware Group:

Discovery Date: 2020-06-19 00:00

Sector:

Group:

Leaks from company Omniga GmbH & Co.

Ransomware Group:

Discovery Date: 2020-06-19 00:00

Sector:

Group:

Leakage from company Catania, Mahon & Rider, PLLC

Ransomware Group:

Discovery Date: 2020-06-11 00:00

Sector:

Group:

Brunner Announce – Hello World !

Ransomware Group:

Discovery Date: 2020-06-11 00:00

Sector:

Victim: | Group:

Leaks Company Birch Communications inc.

Ransomware Group:

Discovery Date: 2020-06-10 00:00

Sector:

Group:

Energias de Portugal (EDP)

Ransomware Group:

Discovery Date: 2020-04-01 00:00

Sector: Energy

Group:

×

Infostealer information available for

Employees(s)	Customer(s)	Third Party Employee(s)

This information is provided by HudsonRock

×

import "pe"

rule ragnarlocker_ransomware {

   meta:
   
      description = "Rule to detect RagnarLocker samples"
      author = "McAfee ATR Team"
      date = "2020-04-15"
      rule_version = "v1"
      malware_type = "ransomware"
      malware_family = "Ransom:W32/RagnarLocker"
      actor_type = "Cybercrime"
      actor_group = "Unknown"
      reference = "https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools/"
      hash = "9706a97ffa43a0258571def8912dc2b8bf1ee207676052ad1b9c16ca9953fc2c"
      
   strings:
   
      //---RAGNAR SECRET---
      $s1 = {2D 2D 2D 52 41 47 4E 41 52 20 53 45 43 52 45 54 2D 2D 2D}
      $s2 = { 66 ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? B8 ?? ?? ?? ?? 0F 44 }
      $s3 = { 5? 8B ?? 5? 5? 8B ?? ?? 8B ?? 85 ?? 0F 84 }
      $s4 = { FF 1? ?? ?? ?? ?? 3D ?? ?? ?? ?? 0F 85 }
      $s5 = { 8D ?? ?? ?? ?? ?? 5? FF 7? ?? E8 ?? ?? ?? ?? 85 ?? 0F 85 }
      
      $op1 = { 0f 11 85 70 ff ff ff 8b b5 74 ff ff ff 0f 10 41 }
      
      $p0 = { 72 eb fe ff 55 8b ec 81 ec 00 01 00 00 53 56 57 }
      $p1 = { 60 be 00 00 41 00 8d be 00 10 ff ff 57 eb 0b 90 }
      
      $bp0 = { e8 b7 d2 ff ff ff b6 84 }
      $bp1 = { c7 85 7c ff ff ff 24 d2 00 00 8b 8d 7c ff ff ff }
      $bp2 = { 8d 85 7c ff ff ff 89 85 64 ff ff ff 8d 4d 84 89 }
      
   condition:
   
     uint16(0) == 0x5a4d and 
     filesize < 100KB and 
     (4 of ($s*) and $op1) or
     all of ($p*) and
     pe.imphash() == "9f611945f0fe0109fe728f39aad47024" or
     all of ($bp*) and
     pe.imphash() == "489a2424d7a14a26bfcfb006de3cd226" 
}