Threat actors target enterprises, including Capcom and Campari, stealing sensitive data, encrypting network files, and demanding ransoms.
Threat actors target manufacturing facilities, including Dassault Falcon Jet, disrupting product distribution.
Threat actors target critical infrastructure, including energy giant EDP, impacting businesses that provide services to consumers and other organizations.
Threat actors target MSPs for their connection to other organizations, shutting down servers and impacting customers' trust in companies.
Ragnar Locker ransomware threatened to leak victims’ stolen data if they contacted law enforcement, investigative agencies like the Federal Bureau of Investigation, or professional negotiators.
Ragnar Locker stole 700GB of data containing sensitive files from ADATA, a Taiwanese memory and storage chip maker.
Ragnar Locker breached Capcom, a Japanese game developer, stealing 1TB of sensitive data from corporate networks in Japan, the US, and Canada.
Ragnar Locker breached EDP Renewables North America (EDPR NA), affecting the systems of its parent corporation, the Portuguese multinational energy company Energias de Portugal (EDP). They stole 10TB of confidential information.
.ragnar_
.RGNR
RagnarLocker
Threat actors compromise the company’s network through the Remote Desktop Protocol (RDP) service, brute-forcing their way in either by guessing weak passwords or by using stolen login information purchased on the dark web. The attackers then conduct second-stage reconnaissance and exploit CVE-2017-0213, a vulnerability in the Windows COM Aggregate Marshaler, to run arbitrary code and elevate privileges.
After achieving privilege escalation, the attackers deploy a VirtualBox virtual machine (VM) with a Windows XP image to avoid detection. They load the VM image into VirtualBox and map all local drives into the virtual machine, which allows the ransomware to encrypt all the files. The threat operators then delete any existing shadow copies, disable any antivirus countermeasures, and use PowerShell scripts to move the ransomware from one company network asset to another. The attackers steal sensitive files and upload them to their servers before deploying Ragnar Locker ransomware.
Ragnar Locker also removes remote admin tools from the environment, which prevents remote IT staff from gaining access. It goes through the running services and terminates those used by managed service providers (MSPs) to remotely administer networks. The operators become unresponsive when contacted by professional negotiation firms.
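The following is an added example, not SpearTip's code or part of ShadowSpear: a small Python triage pass that flags hosts showing three of the stages described above (a burst of failed RDP logons followed by a success, a VirtualBox VM start, and shadow copy deletion). The event field names, thresholds, logon-type assumption, and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

FAIL_THRESHOLD = 5    # assumed: failed RDP logons from one source address
WINDOW_SECONDS = 300  # assumed: look-back window before a successful logon
RDP_LOGON_TYPE = 10   # assumed: RDP logons are recorded as RemoteInteractive

PROCESS_RULES = {  # command-line patterns for two behaviours named above
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "virtualbox_vm_start": re.compile(
        r"\bvboxheadless(\.exe)?\b|\bvboxmanage(\.exe)?\s+startvm\b", re.I),
}

def rdp_bruteforce_hosts(events):
    """Hosts where >= FAIL_THRESHOLD failures from one source precede a success."""
    fails, hits = defaultdict(list), set()
    for e in sorted(events, key=lambda e: e["t"]):
        if e["type"] != "logon" or e["logon_type"] != RDP_LOGON_TYPE:
            continue
        key = (e["host"], e["src"])
        if e["event_id"] == 4625:        # failed logon
            fails[key].append(e["t"])
        elif e["event_id"] == 4624:      # successful logon
            if sum(e["t"] - t <= WINDOW_SECONDS for t in fails[key]) >= FAIL_THRESHOLD:
                hits.add(e["host"])
    return hits

def triage(events):
    """Map each suspicious host to the sorted list of stages seen on it."""
    stages = defaultdict(set)
    for host in rdp_bruteforce_hosts(events):
        stages[host].add("rdp_bruteforce_then_success")
    for e in events:
        if e["type"] == "process":
            for name, rx in PROCESS_RULES.items():
                if rx.search(e["cmdline"]):
                    stages[e["host"]].add(name)
    return {h: sorted(s) for h, s in stages.items()}

# Constructed sample events (not from a real incident); t is seconds.
LOGON = dict(type="logon", logon_type=10)
SAMPLE = [dict(LOGON, t=20 * i, host="srv01", event_id=4625, src="203.0.113.7") for i in range(6)] + [
    dict(LOGON, t=130, host="srv01", event_id=4624, src="203.0.113.7"),
    dict(t=900, type="process", host="srv01", cmdline=r'"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe" --startvm vm1'),
    dict(t=960, type="process", host="srv01", cmdline="vssadmin delete shadows /all /quiet"),
    dict(LOGON, t=10, host="ws02", event_id=4625, src="198.51.100.4"),
    dict(LOGON, t=40, host="ws02", event_id=4624, src="198.51.100.4"),
    dict(t=50, type="process", host="ws02", cmdline="vssadmin list shadows"),
]
```

Calling `triage(SAMPLE)` returns only `srv01`, with all three stages; `ws02` (one mistyped password and a read-only `vssadmin` query) is not flagged.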
SpearTip’s ShadowSpear platform defends your environment with unparalleled resources, preventing cybersecurity threats and attacks from affecting your business. ShadowSpear integrates with cloud, network, and endpoint devices to provide security. ShadowSpear prevents ransomware from exploiting memory, stopping the threat before the full attack cycle. The ShadowSpear Platform is backed by the engineers in our 24/7 Security Operations Centers, ready to assist partners with security issues immediately.
©2024 SpearTip, LLC. All rights reserved.