fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI Warns Of Increasing Ragnar Locker Ransomware Activity

FBI Warns Of Increasing Ragnar Locker Ransomware Activity

The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020.

The MU-000140-MW flash alert issued to partners by the FBI yesterday was coordinated with DHS-CISA and it provides security professionals and system admins with indicators of compromise to guard against the persistent malicious actions of this ransomware gang.

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” the FBI says in the TLP:WHITE flash alert.

“Since then, Ragnar Locker has been deployed against an increasing list of victims, including cloud service providers, communication, construction, travel, and enterprise software companies.”

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

Ragnar Locker tactics

Ragnar Locker actors will manually deploy the ransomware payloads to encrypted the victims’ systems after a reconnaissance stage to help them discover network resources, company backups, and various other sensitive files to be collected for data exfiltration.

The ransomware gang is also known for frequently switching payload obfuscation techniques to evade detection, as well as for having used custom packing algorithms and encrypting the victims’ files from Windows XP virtual machines deployed on their systems.

Ragnar Locker’s malware will also list all running services to kill those used by managed service providers to remotely manage their clients’ networks.  

After going through reconnaissance and pre-deployment stages, Ragnar Locker actors drop a highly targeted ransomware executable that adds a custom “RGNR_” extension where is a hash of the computer’s NETBIOS name.

This ransomware features an embedded RSA-2048 key and it will also drop custom ransom notes on encrypted systems.

The Ragnar Locker ransom notes include the victim’s company name, a link to the Tor site, and the data leak site where the ransomware gang will publish the victim’s data.

EDP ransomware attack

While the FBI did not provide further info regarding the large corporation whose systems were encrypted in April, the details perfectly match an attack against the multinational energy giant Energias de Portugal (EDP).

EDP is one of the largest European energy sector operators with over 11.500 employees and it delivers energy to more than 11 million customers in 19 countries and on 4 continents.

The Ragnar Locker attackers were able to exfiltrate roughly 10TB of confidential company information on billing, contracts, transactions, clients, and partners.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

They also stole a KeePass password manager database export containing EDP employees’ login names, passwords, accounts, URLs, and notes.

An EDP spokesperson told BleepingComputer that the attack had no impact on the company’s critical infrastructure and power supply service.

During the last year, the FBI has also issued warnings on LockerGoga, MegaCortexMazeNetwalker, and ProLock ransomware following a public service announcement regarding high-impact ransomware attacks against public and private U.S. organizations from October 2019.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us