The FBI is warning about Ranzy Locker ransomware, which has already hit 30 companies in the U.S. Active since 2020, the group has shown its reach by breaking into the networks of organizations across multiple industries.

Ranzy, a potential threat

The FBI has released a flash alert around the ransomware group, highlighting who it targets and why.
  • The targeted industries include the construction sub-sector of critical manufacturing, the academia sub-sector of government facilities, information technology, and transportation.
  • After gaining access to the target network, the attackers look for sensitive data such as customer information, PII-related files, and financial records.
  • The group runs a double extortion model, threatening to leak stolen data if victims do not meet its ransom demands.

Decoding attack techniques

The ransomware targets Windows servers and virtual machines.
  • Attackers brute-force RDP credentials to gain initial access.
  • They also exploit known Microsoft Exchange Server flaws and use phishing messages to get into target networks.
  • Once inside, they may create new accounts on domain controllers, servers, workstations, or in Active Directory.

So far, an account named felix has been found on three victim machines.

Ending notes

The recent flash alert should be taken seriously, and organizations must put adequate security measures in place. The alert lists key mitigation steps, including regular backups, network segmentation, and reviewing domain controllers for unexpected accounts.
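Two of the behaviours above, new accounts appearing on domain controllers and RDP password guessing, leave traces in the Windows Security log. The script below is an added example, not code from the FBI alert or from Cyware; it checks constructed event records for both, and the domain controller names, hosts, addresses, account names and timestamps are all assumptions.

```python
# Added example, not code from the FBI alert or the article: review constructed
# Windows Security events for new accounts on domain controllers (event 4720)
# and RDP password guessing (event 4625, logon type 10). Field names follow the
# Windows event schema; hosts, addresses, accounts and times are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

DOMAIN_CONTROLLERS = {"DC01", "DC02"}  # assumption: the org's DC host names

def ev(ts, eid, host, **fields):  # one constructed event record, timestamp parsed
    return {"Time": datetime.fromisoformat(ts), "EventID": eid, "Computer": host, **fields}

SAMPLE_EVENTS = [  # constructed, roughly as a SIEM would export them
    # six failed RDP attempts from one address within five minutes
    *[ev(f"2021-10-25T02:1{i}:00", 4625, "FS01", LogonType=10,
         IpAddress="203.0.113.7", TargetUserName="administrator") for i in range(6)],
    # one stray failure elsewhere and a console (type 2) failure: neither is RDP guessing
    ev("2021-10-25T02:20:00", 4625, "FS01", LogonType=10, IpAddress="198.51.100.4",
       TargetUserName="jdoe"),
    ev("2021-10-25T02:21:00", 4625, "FS01", LogonType=2, IpAddress="-",
       TargetUserName="jdoe"),
    # 4720: TargetUserName is the new account, SubjectUserName its creator
    ev("2021-10-25T02:30:00", 4720, "DC01", TargetUserName="felix",
       SubjectUserName="svc_backup"),
    ev("2021-10-25T02:31:00", 4720, "WS07", TargetUserName="helpdesk2",
       SubjectUserName="localadmin"),
]

def new_accounts(events, dcs=DOMAIN_CONTROLLERS):
    """Return (host, new_account, creator, created_on_dc) for every 4720 event."""
    return [(e["Computer"], e["TargetUserName"], e["SubjectUserName"],
             e["Computer"] in dcs) for e in events if e["EventID"] == 4720]

def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: peak failures} for sources with >= threshold failed RDP logons in one window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625 and e.get("LogonType") == 10:
            by_ip[e["IpAddress"]].append(e["Time"])
    hits = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop failures older than the window
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = max(hits.get(ip, 0), end - start + 1)
    return hits
```

On the sample data, `new_accounts` reports the felix account on DC01 (flagged as a domain controller) and the workstation account separately, and `rdp_bruteforce_sources` flags only the address with six failures, ignoring the single failure and the non-RDP logon type.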
Cyware Publisher