Ragnar Locker Ransomware

« Back to Glossary Index

First spotted in December 2019, Ragnar Locker is known for targeting corporate entities, performing reconnaissance or discovery research on a network/target before executing the ransomware. It uses a variety of different techniques, including:

  • Attacking Windows Remote Desktop Protocol (RDP) connections to gain a foothold in networks
  • Exploiting managed service providers’ remote management software for network access, like ConnectWise and Kaseya
  • Gaining administrator-level access to domains
  • Using native Windows administrative tools like PowerShell and Windows Group Policy Objects (GPO) for lateral movement to Windows clients and servers

(Source: Sophos)

« Back to Glossary Index

Security news and stories right to your inbox!