
Ragnarok

According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets by filtering on the system's Language ID. It also tries to disable Windows Defender, and its strings contain a number of UNIX file path references. Files are encrypted with AES using a dynamically generated key, which is then wrapped with RSA.

Victims: 3
First Discovered victim: 2021-03-31
Last Discovered victim: 2021-12-30
Avg Delay between attack and claim: N/A
Infostealer for victim with domain: N/A



Known Locations (2)
Favicon Title Type Available Last Visit FQDN
favicon None No 2025-06-01 21:19:12 wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
favicon Decrypt Site No 2025-06-01 21:19:34 sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion

Target (Available)
Top 5 Activity Sectors
  • Commercial Facilities 1
Top 5 Countries

Heatmap (Available)

Ransom Notes (2)

Tools Used (Not Available)

No tools used available.


Vulnerabilities Exploited (0)

No vulnerabilities exploited available.


TTPs Matrix (0)

No TTPs available.


Negotiation Chats (0)

No negotiation chats available.


YARA Rules (0)

No YARA rules available.


Indicators of Compromise (IoCs) (0)

No IoCs available for this group.


Victims (3)
FNBNWFL Data leaked Ragnarok
Discovery Date: 2021-12-30
N/A

Decrypt Ragnarok
Discovery Date: 2021-09-09
N/A

Boggi Milano Ragnarok
Discovery Date: 2021-03-31
N/A