H-ISAC TLP White Vulnerability Report: FBI Releases Indicators of Compromise Associated with RagnarLocker Ransomware

Health-ISAC is issuing a vulnerability bulletin regarding the United States Federal Bureau of Investigation’s release of Indicators of Compromise (IOCs) associated with RagnarLocker ransomware. The FBI first became aware of RagnarlLocker in April 2020 and subsequently produced a Flash to disseminate known indicators of compromise (IOCs). This FLASH provides updated and additional IOCs to supplement that report. 

As of January 2022, the FBI has identified numerous entities across several critical infrastructure sectors affected by RagnarLocker ransomware, including energy, financial services, government, and information technology sectors. RagnarLocker ransomware affiliates operate as a family and frequently change obfuscation techniques to avoid detection and prevention.  

Health-ISAC is sharing these IOCs to increase sector awareness. Organizations are encouraged to ingest these IOCs manually if no automatic ingestion systems are implemented. For Health-ISAC members who have implemented the Health-ISAC Indicator Threat Sharing (HITS) program, the IOCs related to this alert have been automatically imported into your environment.  

All members are encouraged to review the FBI FLASH (CU-000163-MW): RagnarLocker Ransomware Indicators of Compromise, which has been attached to this alert.

View the detailed reports below.