FBI: Ranzy Locker Hackers Targeting US Businesses
The FBI is warning organizations about rising Ranzy Locker ransomware attacks aimed at U.S. companies.
According to a flash report published on Oct. 25, unknown actors have compromised over 30 businesses from late 2020 to July 2021. Affected organizations operate in the manufacturing, transportation and information technology sectors.
The Ranzy Locker ransomware exploits vulnerabilities in Microsoft Exchange Server to launch phishing attacks. The attackers then steal Remote Desktop Protocol credentials in order to steal customer data, personal information, financial records and other important information. Victims also receive a note telling them to pay a ransom in exchange for the release of their files, Nextgov reported.
The bureau listed a series of Ranzy Locker codes in its flash report.
The FBI urged organizations to back up their data regularly, implement network segmentation, install and update antivirus software, patch operating systems, review domain controllers and directories, audit user accounts, disable unused remote access ports, disable hyperlinks in received emails and use multifactor authentication.
The Cybersecurity and Infrastructure Security Agency agreed with the FBI’s recommendations and issued its own alert about the ransomware activity. Eric Goldstein, executive assistant director of CISA’s cybersecurity division, said organizations must always be aware of ransomware attacks and the tactics and procedures associated with the activity.
Several critical infrastructure entities have been hit by ransomware and cyberattacks since the start of 2021. Two of the major incidents are the Colonial Pipeline and JBS USA hacks.