← Back to Ransomware Tracker

Ragnarok

Inactive
According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.
3 Victims
Mar 30, 2021 First Discovered
Dec 29, 2021 Last Discovered
1541 Days Inactive
0% Infostealer
0/2 Sites Online
Top Sectors
Commercial Facilities 1
Known Locations (2)
wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
Decrypt Site
sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion
Intelligence
📄 2 Ransom Notes
View the actual ransom notes used by this group
Victims (3)
FNBNWFL Data leaked
Discovered: Dec 30, 2021 · Attack est.: Dec 30, 2021
Decrypt
Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
Boggi Milano
Commercial Facilities Discovered: Mar 30, 2021 · Attack est.: Mar 30, 2021
Source: Ransomware.live | Data cached and served by Digital Checkmark IT Services | Ransomware Tracker