The RagnarLocker ransomware gang has added the Australian cloud hosting company ITonCLOUD to its data leak website.
ITonCLOUD is among the leading companies in the cloud hosting space and aims to provide a complete cloud infrastructure for hosting websites and web applications. It also offers managed desktop services, including pay-per-use models, and uses enterprise-class security, SAN storage, and server virtualization, allowing for fast and flexible implementations.
RagnarLocker targets ITonCLOUD
RagnarLocker is a popular threat group that relies on “double extortion” tactics and has successfully infiltrated big corporations in the energy sector, as per a report by Cybereason. The group is infamous for exfiltrating sensitive data and triggering large-scale encryption attacks.
It also maintains a “wall of shame” section on its website, where the group adds the names of companies, corporations, and governments who don’t conform to the group’s agenda and ideologies.
According to the FBI’s report, over two years RagnarLocker has targeted a total of 10 “critical infrastructure entities” in the USA, bringing in millions of dollars in profit.
In the latest burst, the threat group has added ten victims to its data leak website, and ITonCLOUD seems to be the next in line. According to sources, the threat group uses a “specially-crafted virtual machine image” to create a payload that evades anti-malware detection programs within a system or network. The malware uses a “Salsa20 encryption algorithm” to encrypt files on the victim network. The algorithm provides a solid base for the payload, limiting the victim’s ability to decrypt their files and folders using brute-force methods.
About RagnarLocker ransomware gang
RagnarLocker came into the spotlight after breaching DESFA, a gas transmission system operator in Greece. The energy company was the first big victim of the threat group. As per reports, the hackers behind the group are highly sophisticated and can detect loopholes in a company’s security systems, such as security products (antivirus), backup solutions, recovery keys, and remote access solutions, before initiating an attack.
The RagnarLocker ransomware gang is known for targeting the energy sector, and its victims include several pipeline companies, such as the Colonial Pipeline. The threat group has been running since 2019 and actively targets critical industries using multiple methods, including the infamous “double extortion scheme.”