FBI Warns of Ranzy Locker Hacks Against U.S. Companies
More than 30 firms in various industries have been compromised by the ransomware as of July 2021 as Congress looks to combat the surge of digital attacks.
The Federal Bureau of Investigation issued a Flash report warning detailing security compromises associated with Ranzy Locker ransomware, which has targeted victims in the U.S. since late 2020.
Ranzy Locker attacks are known to be launched by unknown cyber criminals and have compromised over 30 businesses as of July 2021. Victims range from businesses in manufacturing, transportation and information technology sectors.
The ransomware reportedly exploits vulnerabilities within Microsoft’s Exchange Server to attack company networks via phishing methods, specifically targeting users’ Remote Desktop Protocol credentials.
Once accessed, important information stored within these networks, such as customer data, personal information files, and financial records are among the sensitive data Ranzy Locker hackers exfiltrate.
The hackers leave a note following the access of a company’s files, with one example reading “Attention! Your network has been locked...You have only one way for return your files back––contact us and receive universal [sic] decryption program.”
Ranzy Locker hackers then demand at least one ransom for the return of compromised files.
More samples of Ranzy Locker code can be found on the FBI’s official Flash report dated Oct. 25, which the Cybersecurity and Infrastructure Security Agency amplified with an alert of its own. Officials encourage reporting any concerns of ransomware attacks to FBI field office contacts.
“Bad actors continue to adjust and evolve their tactics over time, and we must remain vigilant of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world," Eric Goldstein, executive assistant director of the CISA's cybersecurity division told Nextgov. "CISA works with partners to provide actionable information so organizations both large and small can protect their networks, operations, data, and employees. We encourage users and administrators visit StopRansomware.gov for mitigation guidance and additional resources.”
Ransomware attacks are becoming more common, prompting Congress to propose legislation that would allocate more federal resources to preventing widespread hacks as seen over the summer with the Colonial Pipeline, JBS Foods and the Nantucket ferry hacks.
Sen. Gary Peters, D-Mich., one of Capitol Hill’s biggest cybersecurity advocates, spoke to The Washington Post Tuesday about the rise of ransomware attacks and the need for federal action.