The nefarious ransomware gang known as Ragnar Locker is now warning that it will disclose stolen data records in the event that its victims inform law enforcement agencies like the USA’s Federal Bureau of Investigation (FBI) of attacks.

A well-known name in cybercrime, Ragnar Locker has a history of targeting prominent enterprises with its disruptive ransomware assaults and requesting ransom payments from victims, often amounting to millions of dollars.

Full data to be exposed

In a recent announcement posted on Ragnar Locker’s dedicated leak site on the dark web, the notorious gang has threatened that it will publish its victims’ full data records if they should attempt to seek out assistance from either investigative agencies or law enforcement authorities after being hit by a ransomware attack.

The ransomware gang’s threat also extends to its victims that contact data recovery professionals to try and decrypt files encrypted by the malware, or to assist with the negotiation process on behalf of the target.

In the event that a victim attempts such action, Ragnar Locker has stated it will publish all stolen data on its darknet site.

The ransomware outfit comments on the leak site that victim organisations that enlist the aid of “professional negotiators” will only make the recovery process more difficult. This is because negotiators for hire are often operating alongside data recovery firms that are affiliated with the authorities.

Ragnar Locker states:

“So, from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the police/FBI/investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised data immediately.”

A biography of ransomware attacks

Ragnar Locker threat operators are known by cybersecurity specialists for using manual deployment of ransomware payloads to effectively encrypt the systems of their targets. It has also been observed that they spend considerable time carrying out in-depth reconnaissance to identify company backups, network resources, among other sensitive records they can steal prior to the data encryption phase of an attack.

Ragnar Locker’s previous victims to date have included the computer chip maker ADATA, Japan-based game manufacturer Capcom, and the aviation company Dassault Falcon. When the gang launched its strike on Capcom, reports indicate it encrypted around 2,000 enterprise devices on the organisation’s dedicated network before demanding an $11m ransom (approximately £8m) payment in exchange for the decryption key.

This recent announcement by the ransomware group heaps additional pressure on victims, as in the present environment of ever increasing cyberattacks, world governments are strongly advising enterprises against the payment of ransoms.

Here in the UK, Priti Patel, Home Secretary, commented this year:

“The government has a strong position against paying ransoms to criminals, including when targeted by ransomware. Paying a ransom in response to ransomware does not guarantee a successful outcome.”

Experts believe that paying ransoms only motivates cybercriminals to continue targeting victims and incentivises other cybercriminal groups, leading them to adopt the same tactics, increasing the number of attacks made each year.