The Ragnar Locker group, a gang of cybercriminals behind a series of costly ransomware attacks against companies, has warned victims that they should not seek the assistance of law enforcement agencies.
The group, which also tells victims that they should also not work with firms which specialise in helping companies negotiate with cybercriminals in the wake of a ransomware attack, posted a statement on its darknet website saying that it would punish any “clients” by publishing their stolen data immediately.
So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the Police/FBI/Investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately.
Here’s the full text of what Ragnar Locker has said (apologies for the poor grammar):
In our practice we has facing with the professional negotiators much more often in last days. Unfortunately it’s not making the process easier or safer, on the contrary it’s actually makes all even worse. Such negotiator are usually working in recovery-companies affiliated or even working directly in Police/FBI/investigation agency and etc. They are totally not interested in commercial success of their clients or in safety of theirs private data.
So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the Police/FBI/Investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately. Don’t think please that any negotiators will be able to deceive us, we have enough experience and many ways to recognize such a lie. Dear clients if you want to resolve all issues smoothly, don’t ask the Police to do this for you. We will find out and punish with all our efforts.
There’s only one reason why the Ragnar Locker group would be telling its victims not to bring in ransomware recovery firms and the police – it’s worried that it’s hurting business.
Ransomware gangs aren’t keen on anyone successfully managing to skillfully negotiate a smaller ransom payment, or worse yet help a business recover its data without paying any ransom at all – let alone stirring more interest in the group from law enforcement groups such as the FBI.
The ransomware gangs would much rather you only spoke to them, and that the police and others were not brought in to assist.
The question is – when your company gets hit by Ragnar Locker, are you going to let them determine the rules or not?
Past victims of the Ragnar Locker ransomware include the gaming company Capcom, drinks firm Campari, and Taiwanese memory and storage manufacturer ADATA.