Total Tests:

Ragnar Locker Ransomware Gang Employs New Tactics: Leaking Data if Victims Contact the FBI

By Scott Ikeda for CPO Magazine
Wednesday, September 15, 2021

Of course, it remains to be seen if Ragnar Locker will actually follow through with the threat. Ransomware gangs want to get paid first and foremost, and torching the deal as soon as a negotiator is contacted seems to be a move that would bring their overall revenues down considerably.

And as Ilia Kolochenko (Founder/CEO and Chief Architect of ImmuniWeb) observes, stolen data from victims is often not even worth making an extortion attempt with: “Sometimes, cybercriminals just steal pretty worthless information and its eventual publication will have no tangible damage. Contrariwise, when regulated data, such as medical records, is stolen, breached companies have a duty to report the incident to competent authorities as a matter of law. If they conceal the incident, they may face harsh legal ramifications including criminal prosecution. Furthermore, as countless cases convincingly illustrate, following the instructions of ransomware gangs never guarantees that your data won’t be leaked or resold sooner or later.”

As Kolochenko points out, ransomware gangs also cannot be trusted to keep their word and delete stolen data. If it is worth something, odds are it will pop up for sale on the dark web at some point in time. Ransomware gangs have a spotty track record of releasing decryption keys upon payment, but that record is shaping up to be better than their rate of keeping promises to delete stolen data or not share it with other criminal elements. Kolochenko agreed with the Ragnar Locker assessment that law enforcement agencies do not always help the situation, but advises bringing in whatever outside sources are necessary to help determine what the best next steps to take are: “Most importantly, when your company falls victim to a ransomware attack, is to stay calm and rapidly assess the scope and the nature of compromised data. It is also critical to disconnect compromised systems from the Internet while preserving volatile digital evidence. Thus, if required, external forensic and cybersecurity professionals should be promptly hired under supervision of an external law firm – this may give additional advantages in court proceedings if data is eventually leaked and victims sue for damage. Once the scope and impact of the incident are clear, the victims shall make a well-informed decision whether to contact law enforcement agencies or not.” Read Full Article

Book a Call Ask a Question
Talk to ImmuniWeb Experts
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential