Show in Graph
Common Information
Type Value
Value 
VIKING SPIDER
Category Actor
Type Threat-Actor
Misp Type Cluster
Description VIKING SPIDER is the criminal group behind the development and distribution of Ragnar Locker ransomware. While public reporting indicates the group began threatening to leak victim data in February 2020, a DLS was not observed until April 2020. The DLS is hosted on Tor, and similar to other actors, proof of data exfiltration is provided before the stolen data is fully leaked. It was also noted that On Dec. 22, 2020, a new post made to MountLocker ransomware’s Tor-hosted DLS was titled 'Cartel News' and included details of a victim of VIKING SPIDER’s Ragnar Locker
Details Published Attributes CTI Title
Details Website 2024-11-07 4 Hypervisor Jackpotting, Part 2: eCrime Actors Increase Targeting of ESXi Servers with Ransomware
Details Website 2024-11-07 0 Ransomware Actors Evolved Operations in 2020 | CrowdStrike
Details Website 2023-10-24 0 Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer - RedPacket Security
Details Website 2023-10-19 0 Police seize Ragnar Locker leak site
Details Website 2023-07-18 1 FIN8 Modifies 'Sardonic' Backdoor to Deliver BlackCat Ransomware
Details Website 2023-07-18 42 FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware
Details Website 2022-10-13 0 A Brief History of Ransomware [Including Attacks] | CrowdStrike
Details Website 2022-09-21 6 2022 Crypto crime annual report: North Korea heads up the world’s top five crypto crime locations
Details Website 2022-02-06 12 The future of cyber security: Ransomware groups aim for maximum disruption | Darktrace Blog
Details Website 2021-11-01 0 RagnarLocker
Details Website 2021-07-22 0 The world's top ransomware gangs have created a cybercrime "cartel"
Details Website 2021-06-18 0 Ransomware Actors Evolved Operations in 2020 | CrowdStrike