If you contact the police, we *will* leak your data – warns Ragnar Locker ransomware gang

Graham Cluley
@gcluley

If you contact the police, we *will* leak your data - warns Ragnar Locker ransomware gang

The Ragnar Locker group, a gang of cybercriminals behind a series of costly ransomware attacks against companies, has warned victims that they should not seek the assistance of law enforcement agencies.

The group, which also tells victims that they should also not work with firms which specialise in helping companies negotiate with cybercriminals in the wake of a ransomware attack, posted a statement on its darknet website saying that it would punish any “clients” by publishing their stolen data immediately.

So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the Police/FBI/Investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately.

Here’s the full text of what Ragnar Locker has said (apologies for the poor grammar):

In our practice we has facing with the professional negotiators much more often in last days. Unfortunately it’s not making the process easier or safer, on the contrary it’s actually makes all even worse. Such negotiator are usually working in recovery-companies affiliated or even working directly in Police/FBI/investigation agency and etc. They are totally not interested in commercial success of their clients or in safety of theirs private data.

So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the Police/FBI/Investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately. Don’t think please that any negotiators will be able to deceive us, we have enough experience and many ways to recognize such a lie. Dear clients if you want to resolve all issues smoothly, don’t ask the Police to do this for you. We will find out and punish with all our efforts.

There’s only one reason why the Ragnar Locker group would be telling its victims not to bring in ransomware recovery firms and the police – it’s worried that it’s hurting business.

Ransomware gangs aren’t keen on anyone successfully managing to skillfully negotiate a smaller ransom payment, or worse yet help a business recover its data without paying any ransom at all – let alone stirring more interest in the group from law enforcement groups such as the FBI.

Sign up to our newsletter
Security news, advice, and tips.

The ransomware gangs would much rather you only spoke to them, and that the police and others were not brought in to assist.

The question is – when your company gets hit by Ragnar Locker, are you going to let them determine the rules or not?

Past victims of the Ragnar Locker ransomware include the gaming company Capcom, drinks firm Campari, and Taiwanese memory and storage manufacturer ADATA.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.