The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning to organizations that operate in critical infrastructure sectors that there’s a heightened possibility of new ransomware attacks.
In the warning, the agencies state that the Ragnar Locker ransomware group has launched 52 attacks in 2022 that focused on the manufacturing, energy, financial services, government, and information technology sectors.
"Ragnar Locker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention,” the agencies said.
Officials say Ragnar Locker has encrypted files on systems and apps that include Windows software, Mozilla Firefox, Internet Explorer, Recycle Bin, Google software, and Opera software.
FBI seeks help from ransomware victims
The FBI says organizations that are targeted with ransomware by Ragnar Locker should not pay the group's ransom to get their files back.
“Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, or fund illicit activities. Paying the ransom also does not guarantee a victim’s files will be recovered,” the Bureau said.
Although it believes that companies shouldn't pay ransom demands, FBI officials admit that some businesses may need to pay a ransom if they cannot function without certain files. They say company executives should evaluate all options to protect their shareholders, employees, and customers.
“Regardless of whether you or your organization decides to pay the ransom, the FBI urges you to report ransomware incidents to your local field office. Doing so provides investigators and analysts with the critical information they need to track ransomware attackers, hold them accountable under US law, and prevent future attacks,” the agency stated.