Ragnar Locker Ransomware gangs have reportedly targeted 52 Critical National Infrastructures(CNI) operating in the United States and are supposed to avoid those businesses linked to Russian Federation.
According to a flash update released by CISA, over 10 organizations operating for CNI sectors- including energy, manufacturing, finance, and governments- were infected by the said file-encrypting malware in January this year and the activity has something to do with the ongoing Russian war with Ukraine.
Brandon Wales, the Executive Director of Cybersecurity and Infrastructure Security Agency (CISA) confirmed the news and added that small and medium scale businesses functioning across the United States should improve their vigil against such state-funded threats.
Speaking at an event hosted by the Aspen Institute on Tuesday, Mr. Wales expressed his mind stating that tools, techniques, and procedures employed by the Ragnar Locker group have changed in recent times. They have evolved into a sophisticated hacking group capable of terminating services used by managed service providers and remote network admins.
After doing so, the file-encrypting malware deletes all volume shadow copies, thus preventing recovery of encrypted files thereafter.
Details of companies that were encrypted were held back with a reason, and the FBI predicts that Vladimir Putin will soon turn grumpy with America and might launch a cyberwar straight away with the Joe Biden-led the nation in a couple of weeks.
Note- A similar flash alert was issued by the Federal Bureau of Investigation in 2020 and the warning specified clearly that companies operating in Azerbaijan, Armenian, Belorussian, Kazakh, Moldavian, Tajik, Turkmen, Uzbek, Georgian, Ukrainian should be vigilant against Rangar Locker gang and must deploy proactive security measures in place to neutralize any effects occurring because of the threats.