Back to Threat Groups

ragnarok

INACTIVE

ransomware group

According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.

Victims
3
records
First Discovered
Mar 31, 2021
victim
Last Discovered
Dec 30, 2021
victim
Inactive Since
1,639
days
Countries
0
hit
Avg Discount
no settlements

Group Activity

Last 12 months
Jul
2025
Aug
2025
Sep
2025
Oct
2025
Nov
2025
Dec
2025
Jan
2026
Feb
2026
Mar
2026
Apr
2026
May
2026
Jun
2026

Victims (3)

FNBNWFL Data leaked

ragnarok
Dec 30, 2021
Financial Services1.0Published

Decrypt

ragnarok
Sep 9, 2021
Technology1.0Published

Boggi Milano

ragnarok
Mar 31, 2021
Commercial Facilities1.0Published

Infrastructure

No sites tracked