Ransomware gang to victims: we’ll leak your data if you seek help from ransom negotiators

Ragnar Locker, a notorious ransomware group responsible for multiple high-profile ransomware attacks, has issued a new warning to its victims: don’t you dare use professional ransom negotiators.

The warning, titled ‘Announcement: FTP’ and published yesterday on Ragnar Locker’s dark web leak site, comes after the ransomware gang noticed a recent spike in the number of professionals negotiating on their victims’ behalf. 

“Unfortunately, it’s not making the [data recovery] process easier or safer. On the contrary, it makes it all even worse,” claims Ragnar Locker.

The gang stated that any “client” (read: victim) who dares to contact a data recovery company or law enforcement agency in an attempt to seek assistance following a ransomware attack, Ragnar Locker will immediately publish the victim’s data on their leak site. 

“So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the police/FBI/Investigators, we will consider this as a hostile intent, and we will initiate the publication of whole compromised Data immediately,” reads Ragnar Locker’s announcement.

Later in the statement, the gang proceeds to claim that its ransomware operators are able to discern when a ransom is being negotiated by professionals, citing their experience and “many ways” to identify an expert negotiator. 

Meanwhile, the FBI is urging victims to report ransomware attacks as quickly as possible, claiming that in 2020, the bureau was able to retrieve around $500 million for victims of ransomware groups like Ragnar Locker.

"We want to cut out the ecosystem on this, and so people not paying the ransom is probably the best way. At the end of the day, we recognize that people have to make business decisions. Our ask of people is that if they do pay the ransom, please still report it to us. If we get that information, we might be able to do something about it. Perhaps, we might get the money back. But we certainly can't get it back to you if you don't report it to us," Bryan Smith, chief of the Cyber Criminal Section at the FBI, said during the National Cyber Security Alliance's (NCSA) webinar about cybercrime.

Over the past years, the ransomware industry has rapidly evolved tactics-wise while netting increasingly massive ransoms from businesses of all sizes. Multiple criminal groups have shown a variety of novel techniques, such as double and triple extortion, as well as active insider recruitment.

In light of that, organizations that wish to avoid being targeted by ransomware are best served by employing a zero-trust security policy and following the latest guidelines on preventing data breaches resulting from ransomware attacks published by the US Cybersecurity and Infrastructure Security Agency (CISA).

In addition, organizations should consider carrying out the Ransomware Readiness Assessment, a self-assessment security audit to determine their level of exposure to ransomware attacks.

More from CyberNews:

The LockBit 2.0 ransomware attack against Accenture – time is running out

Cybercriminals increasingly use phishing, and no industry is spared

Longtime cybersecurity professional Kathie Miley: unknown malware is stressing out CISOs

On the prowl for nudes, California man steals 620,000 iCloud photos

Why the future of payments is frictionless and invisible

Subscribe to our newsletter