Skip to content
Get A Demo
Free SIEM

    Ragnar Locker Ransomware

    First spotted in December 2019, Ragnar Locker is known for targeting corporate entities, performing reconnaissance or discovery research on a network/target before executing the ransomware. It uses a variety of different techniques, including:

    • Attacking Windows Remote Desktop Protocol (RDP) connections to gain a foothold in networks
    • Exploiting managed service providers’ remote management software for network access, like ConnectWise and Kaseya
    • Gaining administrator-level access to domains
    • Using native Windows administrative tools like PowerShell and Windows Group Policy Objects (GPO) for lateral movement to Windows clients and servers