RagnarLocker is a ransomware group that emerged in December 2019, initially known for its unusual method of deploying its encryptor. The group's primary motivation is financial gain, pursued through a double extortion model: it was an early adopter of the tactic, combining data encryption with exfiltration and threatening to leak stolen victim data on its Tor-based 'Wall of Shame' site if the ransom was not paid. A distinctive characteristic of RagnarLocker is its hypervisor-based evasion technique. This is not a virtual machine escape; rather, the operators install Oracle VirtualBox on the victim host and run the ransomware payload inside a custom Windows XP guest, with the host's drives mapped into the guest, so that the encryption process runs where host-based security tools cannot inspect it. The group is assessed with moderate confidence to be of Eastern European, specifically Russian, origin; its code checks the system locale and does not execute on machines located in former Soviet Union countries. While not operating under numerous aliases, CrowdStrike Intelligence has tracked thi
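The deployment pattern described above leaves a usable telemetry trail on the host even though the encryptor itself runs inside the guest: the VirtualBox command-line tools are invoked to expose whole host drives to a VM, and a headless VM is then started. The following is an added detection example, not code from the original page or from any vendor report. It correlates process-creation events on the same host, flagging a `VBoxHeadless --startvm` that follows a `VBoxManage sharedfolder add` whose `--hostpath` is a bare drive root. The `VBoxManage sharedfolder add ... --name ... --hostpath ...` and `VBoxHeadless --startvm` syntax is VirtualBox's own; the event line format, hostnames, file paths, VM name "micro" and timestamps are constructed for the example and are not real telemetry.

```python
"""
Detection sketch for a VirtualBox-hosted ransomware encryptor.

Idea: on the host, the hypervisor is legitimate software, so the signal is
not "VirtualBox ran" but "host drive roots were shared into a guest and a
headless VM was started shortly afterwards". A developer sharing a project
folder should not trip this; exposing C:\ and D:\ to a VM should.

Event line format (constructed for this example, not a real log schema):
    <ISO timestamp>|<hostname>|<image path>|<command line>
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# A bare drive root such as "C:" or "C:\" (an entire host volume).
HOST_DRIVE_RE = re.compile(r"^[A-Za-z]:\\?$")

# VirtualBox CLI syntax: VBoxManage sharedfolder add <vm> --name <n> --hostpath <p>
SHARED_FOLDER_RE = re.compile(
    r"sharedfolder\s+add\b.*?--hostpath\s+\"?([^\"\s]+)", re.IGNORECASE
)
# VirtualBox CLI syntax: VBoxHeadless --startvm <vm name or uuid>
START_VM_RE = re.compile(r"--startvm\s+\"?([^\"\s]+)", re.IGNORECASE)


@dataclass
class ProcEvent:
    ts: datetime
    host: str
    image: str
    cmdline: str


def parse_event(line: str) -> ProcEvent:
    """Split one constructed event line into its four fields."""
    ts, host, image, cmdline = line.split("|", 3)
    return ProcEvent(datetime.fromisoformat(ts), host, image.lower(), cmdline)


def shared_folder_hostpath(cmdline: str):
    """Return the --hostpath of a 'sharedfolder add' command, else None."""
    m = SHARED_FOLDER_RE.search(cmdline)
    return m.group(1) if m else None


def vm_name_started(cmdline: str):
    """Return the VM named in a '--startvm' invocation, else None."""
    m = START_VM_RE.search(cmdline)
    return m.group(1) if m else None


def detect_vm_hosted_encryptor(lines, window=timedelta(minutes=30)):
    """
    Correlate per host: drive roots exposed via VBoxManage within `window`
    before a headless VM start. Returns one alert dict per suspicious start.
    """
    events = sorted((parse_event(l) for l in lines), key=lambda e: e.ts)
    exposed = {}  # host -> list of (timestamp, drive root shared into a guest)
    alerts = []
    for e in events:
        if "vboxmanage" in e.image:
            path = shared_folder_hostpath(e.cmdline)
            if path and HOST_DRIVE_RE.match(path):
                exposed.setdefault(e.host, []).append((e.ts, path))
        elif "vboxheadless" in e.image:
            vm = vm_name_started(e.cmdline)
            recent = [p for (t, p) in exposed.get(e.host, []) if e.ts - t <= window]
            if vm and recent:
                alerts.append({
                    "host": e.host,
                    "vm": vm,
                    "drives": sorted(set(recent)),
                    "ts": e.ts.isoformat(),
                })
    return alerts


# Constructed sample telemetry: WS01 is a benign developer workflow (one
# project folder shared), FS02 mirrors the VM-hosted encryptor pattern.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:00|WS01|C:\\Program Files\\Oracle\\VirtualBox\\VBoxManage.exe|"
    "VBoxManage.exe sharedfolder add \"devbox\" --name proj --hostpath \"C:\\Users\\dev\\project\"",
    "2024-05-01T10:00:05|WS01|C:\\Program Files\\Oracle\\VirtualBox\\VBoxHeadless.exe|"
    "VBoxHeadless.exe --startvm devbox",
    "2024-05-01T11:00:00|FS02|C:\\Temp\\vbox\\VBoxManage.exe|"
    "VBoxManage.exe sharedfolder add \"micro\" --name C_DRIVE --hostpath \"C:\\\"",
    "2024-05-01T11:00:02|FS02|C:\\Temp\\vbox\\VBoxManage.exe|"
    "VBoxManage.exe sharedfolder add \"micro\" --name D_DRIVE --hostpath \"D:\\\"",
    "2024-05-01T11:00:10|FS02|C:\\Temp\\vbox\\VBoxHeadless.exe|"
    "VBoxHeadless.exe --startvm micro",
]

if __name__ == "__main__":
    for alert in detect_vm_hosted_encryptor(SAMPLE_EVENTS):
        print(alert)
```

Run on the sample events, the rule stays silent for WS01 (a sub-folder, not a drive root, was shared) and raises one alert for FS02 naming the VM "micro" and the drives C:\ and D:\. In production the same correlation can be expressed against Sysmon event ID 1 or EDR process-creation data; a second, cheaper signal worth pairing with it is VirtualBox binaries executing from outside their normal installation directory, as in the FS02 sample, since the operators bring their own copy of the hypervisor.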
MITRE ATT&CK techniques
T1486 (Data Encrypted for Impact), T1027 (Obfuscated Files or Information), T1490 (Inhibit System Recovery), T1562.002 (Impair Defenses: Disable Windows Event Logging), T1071.001 (Application Layer Protocol: Web Protocols)
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.