Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Ransomware Group Threatens to Reveal Data of Victims Who Contact FBI/Police

September 8, 2021

On September 7, Bleeping Computer reported that the Ragnar Locker ransomware group has warned that it will leak stolen data from victims that contact law enforcement authorities, including the FBI and the police.

The threat was posted in Ragnar Locker’s darknet leak site. The threat also applies to victims who contact data recovery experts to attempt decryption and to conduct the negotiation process.

Under any of the circumstances, the group says it will publish the victim’s full data on their .onion site.

Ragnar Locker says that victim organizations who hire “professional negotiators” are only making the recovery process worse because the negotiators are often working with data recovery companies affiliated with the FBI and other authorities.

“So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the police/FBI/investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised data immediately,” according to the note published on the group’s data leak site.

Ragnar Locker hackers are known for manually deploying the ransomware payloads to encrypt the victims’ systems. But first they conduct reconnaissance to discover network resources, company backups, and other sensitive files to exfiltrate before they encrypt the data.

The FBI does not endorse paying ransoms as doing so will not necessarily protect networks from data leaks or future attacks. Ransomware victims are instead encouraged to contact the local FBI field office. It is also true that paying ransom incentivizes other cybercriminals to use the same tactics.

On the other side of the coin, all U.S. states and territories have data breach laws and victims cannot legally ignore the notification requirements of those laws. The same is true for those states that have data privacy law.

Where does that leave ransomware victims? Caught in an impossible predicament.

HT to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology