Date: 2021-11-01

The Federal Bureau of Investigation (FBI) issued a report detailing security compromises associated with Ranzy Locker ransomware, which has targeted victims in the U.S. since late 2020.

Victims include businesses in the manufacturing, transportation, and information technology sectors. Most victims stated that the actors conducted a brute force attack targeting Remote Desktop Protocol (RDP) credentials to access the victims’ networks. Since July 2021, these cybercriminals have compromised over 30 businesses.

According to the report, recent victims reported the actors leveraged known Microsoft Exchange Server vulnerabilities and phishing as the means of compromising their networks and then attempted to locate and exfiltrate essential files.

“Ranzy Locker is deployed to encrypt files on compromised Windows host systems and attached network shares,” the report noted. “The Ranzy Locker hackers leave a ransom note in all directories where encryption occurred demanding the victim pay a ransom in exchange for a decryption tool.”

In the report, the FBI offered U.S. companies several recommendations on preventing possible attacks and on how to respond, including: