Ragnar Locker Ransomware
First spotted in December 2019, Ragnar Locker is known for targeting corporate entities and for performing reconnaissance (discovery) on the target network before executing the ransomware. It uses a variety of techniques, including:
- Attacking Windows Remote Desktop Protocol (RDP) connections to gain a foothold in networks
- Exploiting managed service providers’ remote management software, like ConnectWise and Kaseya, for network access
- Gaining administrator-level access to domains
- Using native Windows administrative tools like PowerShell and Windows Group Policy Objects (GPO) for lateral movement to Windows clients and servers