Buy Me a Coffee

This space is available for sponsoring Ransomware.live Contact us to sponsor this space

Ragnarok

According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.

Victims
 

3

First Discovered
victim

2021-03-31

Last Discovered
victim

2021-12-30

Inactive Since
more than

4 years

Avg Delay
between attack and claim

N/A

Infostealer
for victim with domain

N/A

View Victims on World Map

View group statistics

Known Locations (2)
Favicon Title Type Available Last Visit Server Info FQDN
favicon None No 2025-06-01 21:19:12 wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
favicon Decrypt Site No 2025-06-01 21:19:34 sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion
Target (Available)
Top 5 Activity Sectors
  • Commercial Facilities 1
Top 5 Countries
Heatmap (Available)
Ransom Notes (2)
Tools Used (Not Available)

No tools used available.

Vulnerabilities Exploited (0)

No vulnerabilities exploited available.

TTPs Matrix (0)

No TTPs available.

Negotiation Chats (0)

No negotiation chats available.

YARA Rules (0)

No YARA rules available.

Indicators of Compromise (IoCs) (0)

No IoCs available for this group.

Victims (3)
Logo
FNBNWFL Data leaked Ragnarok
Discovery Date: 2021-12-30
N/A
Logo
Decrypt Ragnarok
Discovery Date: 2021-09-09
N/A
Logo
Boggi Milano Ragnarok
Discovery Date: 2021-03-31
N/A