Ragnarok is a ransomware group that emerged in late 2019, quickly establishing itself by targeting corporate networks with its ransomware variant. The group is primarily motivated by financial gain, employing a double extortion model where they encrypt data and threaten to leak stolen sensitive information if a ransom is not paid. Ragnarok distinguished itself by its early adoption of distributing malware via ISO files and notably deployed its ransomware inside a virtual machine to evade detection, a unique operational approach at the time. A month before its eventual shutdown, the group rebranded as 'Daytona by Ragnarok', with operations concluding and a universal decryption key released in August 2021. The group is assessed with high confidence to be of Russian or Commonwealth of Independent States (CIS) origin, evidenced by its ransomware terminating execution on systems configured with specific language IDs, including those corresponding to Russia, Belarus, Ukraine, and China.

Paises afectados

URLs nuevas detectadas en IntelTracker