The FBI has issued an alert pertaining to the RagnarLocker ransomware gang, which uses carefully designed techniques such as running ransomware inside a virtual machine. This process helps to evade antivirus detection and allows the RagnarLocker threat actors to remain hidden for an extended period of time. The FBI stated that it became aware of the group in April of 2020, and by January of this month it had attacked 52 known organizations. The organizations are spread between 10 different sectors, including government, tech, manufacturing, energy, and financial services.
RagnarLocker regularly changes its techniques to keep cybersecurity researchers and targets alike confused. One obfuscation method used by RagnarLocker recently was to deploy the malware in a stripped down virtual instance of Windows XP. This allowed the group to hide from antivirus software and provided them with ample time to encrypt files. The advisory came as a Flash Alert published in coordination with the Cybersecurity and Infrastructure Security Agency.
Read More: This ransomware group has gone after critical infrastructure firms again and again
