Securin’s Threat Intelligence: September 19, 2022 to September 23, 2022

Updated on Sep 23, 2022

This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.

Why play catchup when you can fix this now?

Trending Threats

  • Bitdefender Introduces a Decryptor Tool for the LockerGoga Ransomware
  • More Information on Ragnor Locker Ransomware

Trending Threats

Bitdefender Introduces a Decryptor Tool for the LockerGoga Ransomware

Bitdefender—in collaboration with law enforcement agencies, including Europol, the No More Ransom Project, the Zürich Public Prosecutor’s Office, and the Cantonal Police of Zürich—has developed a free decryptor tool to recover files encrypted by the LockerGoga ransomware. The free tool and a user guide are available for download from Bitdefender’s servers.

LockerGoga is a ransomware group that has been operational since January 2019 and has attacked prominent organizations all over the world. It is estimated that the group has caused damages worth $US 104 million with its activities. Twelve members of the group were arrested in October 2021, causing the group’s operations to cease.

The free tool is expected to be used by victims, whose files are still encrypted, of the LockerGoga group.

CVE-2019-3396 is the CVE targeted by the LockerGoga group.

More Information on the Ragnor Locker Ransomware

Ragnor Locker has been making headlines in the news with its attacks on Air Portugal, DESFA, etc.

There is now more information about how this ransomware group operates. The attacks are carried out on Windows and Linux systems where a compromised machine is used to gather information and also encrypt files using the Salsa 20 encryption algorithm. Once this is done, the group employs the double extortion tactic to get ransom from their victims—to decrypt the files and not publish the stolen information to the public.

The Ragnor Locker ransomware also deletes volume shadow copies and terminates services, such as VSS, SQL, Veeam, LogMeIN, etc., to keep the victim from recovering the affected files.

CVE-2017-0213 (Windows COM Elevation of Privilege Vulnerability) is a vulnerability that Ragnor Locker exploits. It uses the RDP services exposed to the internet to compromise victim machines with brute-forcing techniques and leaked credentials

The FBI warned organizations against Ragnor Locker in March 2022.

Check out this section to track how these threats evolve!

We use our threat intelligence platform driven by Artificial Intelligence (AI) and Machine Learning (ML) models to analyze the vulnerabilities that hackers could potentially exploit. We warn our customers continuously about exposures and prioritize vulnerabilities to facilitate rapid remediation.

Follow our weekly blog and podcast to get proactive alerts on trending threats. Reach out to us if you need help managing your vulnerabilities and exposures.

Leverage our expertise and manage your threats continuously to stay safe from attackers.

Share This Post On