2021-10-27

The FBI issued an alert on Monday reporting that the criminal group Ranzy Locker was responsible for at least 26 attacks on US companies in sectors such as technology, transportation and information.

The alert, issued in conjunction with the United States Cybersecurity and Infrastructure Security Agency (CISA), aims to inform corporations about the danger of Ranzy Locker and other ransomware operators, and to show how to identify attack attempts by this threat.

The Ranzy Locker hijack warning message. (Image: Screenshot/Dácio Augusto/Canaltech)

The FBI communiqué also states that the ransom note left by the Ranzy Locker criminals has similarities to those found in the attacks carried out by the ransomware groups AKO and ThunderX. Both groups disappeared for some time, but speculation indicates that they have joined together to form the threat the US agency warns about in its note.


How the attack occurs

The FBI reports that most victims had their systems breached through brute-force attacks, in which criminals repeatedly guess credentials until they gain access. Other methods used were the exploitation of Microsoft Exchange vulnerabilities and the use of passwords stolen through phishing.
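A defender-side illustration of the brute-force pattern the FBI describes, as an added example that is not part of the article or of the FBI/CISA alert: it scans sshd-style authentication log lines (constructed sample data, not a real capture) and flags any source address that accumulates failed logins within a short window, which is the signature a SOC detection rule looks for. It also records when a successful login follows such a burst from the same address, the case that most urgently needs a password reset and session review. The threshold and window values are assumptions, not figures from the alert.

```python
"""Brute-force login detection over auth-log lines (added example, not from the article)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not a real capture), in an sshd/auth.log-like format.
SAMPLE_LOG = """\
2021-10-25T08:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51234 ssh2
2021-10-25T08:00:02 sshd[1201]: Failed password for admin from 203.0.113.7 port 51235 ssh2
2021-10-25T08:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 51236 ssh2
2021-10-25T08:00:05 sshd[1201]: Failed password for backup from 198.51.100.4 port 40001 ssh2
2021-10-25T08:00:06 sshd[1201]: Failed password for admin from 203.0.113.7 port 51237 ssh2
2021-10-25T08:00:08 sshd[1201]: Failed password for admin from 203.0.113.7 port 51238 ssh2
2021-10-25T08:00:09 sshd[1201]: Accepted password for alice from 192.0.2.10 port 22222 ssh2
2021-10-25T08:00:10 sshd[1201]: Failed password for admin from 203.0.113.7 port 51239 ssh2
2021-10-25T08:00:12 sshd[1201]: Accepted password for admin from 203.0.113.7 port 51240 ssh2
2021-10-25T08:03:00 sshd[1201]: Failed password for backup from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line):
    """Parse one auth line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: finding} for every source that reaches `threshold` failed logins
    inside a sliding `window`. The finding records the peak failure count in the
    window, the user names tried, and whether a successful login followed the burst.
    Threshold and window are assumed tuning values, not figures from the FBI alert."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user) for failures in window
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        # Slide the window: discard failures older than `window` relative to this event.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold:
                f = findings.setdefault(
                    ev["ip"], {"failures": 0, "users": set(), "success_after_burst": False}
                )
                f["failures"] = max(f["failures"], len(q))
                f["users"].update(u for _, u in q)
        elif len(q) >= threshold:
            # An accepted login while the source is still inside a failure burst:
            # the strongest indicator that a guessed credential actually worked.
            findings.setdefault(
                ev["ip"], {"failures": len(q), "users": set(u for _, u in q), "success_after_burst": False}
            )["success_after_burst"] = True
    # Sort the user sets so results are deterministic and easy to compare.
    for f in findings.values():
        f["users"] = sorted(f["users"])
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, f)
```

On the sample data only 203.0.113.7 is flagged (six failures across two user names, then an accepted login), while 198.51.100.4 with two spaced-out failures stays below the default threshold; lowering the threshold or widening the window changes that, which is the trade-off between catching slow, low-rate guessing and drowning in noise from mistyped passwords.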

Once inside their victims’ network, Ranzy Locker’s operators steal documents before encrypting the files. The stolen data typically contains sensitive information such as customer data and financial records, and is used to pressure victims into paying the ransom by threatening to leak it, setting up a “double-extortion” attack.

Picture from the Ranzy Locker payment site. (Image: Playback/BleepingComputer)

Victims are directed to a payment site on Tor, a network used for anonymous communication on the internet, where a chat is made available for negotiating with the criminals. As part of the operation, Ranzy Locker’s operators let victims decrypt three files for free, to prove that recovery is possible. Soon after, they demand payment of the ransom.

If payment does not take place, the documents will be made available to the public on the Ranzy Leak website, along with information from other companies that refused to comply with the criminals’ demands.

Protection

Ranzy Locker is another example of malware that is claiming many victims around the world. However, most of these cyber crimes can be prevented with good security practices.

In addition, in early September, CISA published a manual with instructions on how to prevent these threats. Check out some of the recommendations contained in the following official document: