
Ragnar Locker Ransomware

Posted: February 17, 2020

The Ragnar Locker Ransomware is a file-locking Trojan that blocks your PC's media files while awaiting ransom payments. This Trojan's payload implies a particular, but not necessarily exclusive, focus on business-based targets, such as poorly secured networks with MSP software. Users can follow standard guidelines for protecting their work beforehand and use dedicated anti-malware tools for detecting or deleting the Ragnar Locker Ransomware.

Trojans Expecting Heavy Prices Paid

While the file-locking Trojan industry is not one to underestimate, most of the ransoms it collects are relatively modest, generally between several hundred and almost one thousand dollars. Whether due to bravery, ignorance, or other reasons, some threat actors buck this tradition by asking for far more than their counterparts. The Ragnar Locker Ransomware's campaign boasts one of the most expensive ransoms to date, currently matched only by Italy's old Cassetto Ransomware.

The Ragnar Locker Ransomware is a Windows-based threat, like the Globe Ransomware, the Scarab Ransomware, or numerous other Ransomware-as-a-Service families, although it has no familial attachment to them. Its initial attacks incorporate some anti-security features, which malware experts deem typical for a threat of this kind. Slightly more unusual is its capability for auto-terminating the processes of MSP (managed service provider) applications, such as ConnectWise. Doing so blocks administrators from stopping the infection before it finishes its goal of encrypting files.

The Ragnar Locker Ransomware uses an unknown algorithm in its encryption routine, which locks documents, images and similar formats. The Ragnar Locker Ransomware also appends an extension that contains a portion of its name and a randomized ID for the victim. Lastly, the Ragnar Locker Ransomware creates a unique text message for demanding an incredibly expensive ransom – twenty-five Bitcoins, AKA over 200,000 dollars.

Some other portions of the English ransom note are also worth noting. While the threat actor offers an e-mail address, there is also an alternative communication channel via qTox, an encrypted peer-to-peer messenger. The ransom demand also has two deadlines, one of which doubles the already-substantial price.

Lightening the Cost of Encryption Attacks

Most of the details of the Ragnar Locker Ransomware's payload suggest that it's targeting businesses with significant funding. However, it should be just as threatening to the files on virtually any Windows computer. All users can better protect themselves by maintaining standard security protocols. Such precautions include, among others, not enabling macros or advanced content on suspicious documents and spreadsheets, avoiding torrents, updating software regularly, and using passwords that aren't prone to cracking under brute-force attacks.

There is no free decryption service for the Ragnar Locker Ransomware, which is unlikely to use a vulnerable encryption method. Users might have a chance of recovering through advanced repair tools, but doing so is always statistically unlikely. The damage from most infections is best kept minimal by victims keeping backups safe in another place that Trojans like the Ragnar Locker Ransomware can't destroy.

While the Ragnar Locker Ransomware is new, it invests little in avoiding detection, favoring attacking and subverting administrative utilities before being caught. Most anti-malware programs are finding and removing the Ragnar Locker Ransomware appropriately.

If anything is surprising about the Ragnar Locker Ransomware, it's how much it's planning on making off of its campaign. The audacity of criminals knows no bounds – except for the hard limits they run against when attacking someone who's bothered backing their work up safely.
