New Ransomware Variant Disables MSP Remote Management Processes To Evade Detection
Researchers at HuntressLabs (“@Huntress”) posted a YouTube video and commentary on their Twitter account demonstrating a new variant of the Ragnar Locker ransomware that uses a stealthy technique to evade MSP detection prior to encryption. Ragnar Locker scans the running processes and services and terminates the processes of many popular MSP RMM (Remote Monitoring and Management) admin tools. This hunt-and-kill technique has been used before by ransomware groups such as Clop, Nemty, Robinhood, Ekans and others, but this new variant uses the approach to go after networks and data in the cloud.