Ragnarok

Inactive
According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.
3 Victims
Mar 30, 2021 First Discovered
Dec 30, 2021 Last Discovered
1631 Days Inactive
0% Infostealer
0/2 Sites Online
Top Sectors
Financial Services 1
Technology 1
Consumer Services 1
Known Locations (2)
Decrypt Site
sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion
wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
Intelligence
📄 2 Ransom Notes
View the actual ransom notes used by this group
Victims (3)
FNBNWFL Data leaked
Financial Services Discovered: Dec 30, 2021 · Attack est.: Dec 30, 2021
Decrypt
Technology Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
Boggi Milano
Consumer Services Discovered: Mar 30, 2021 · Attack est.: Mar 30, 2021
Source: Ransomware.live | Data cached and served by Digital Checkmark IT Services | Ransomware Tracker