Exfiltration
- UFile
Ranzy Locker is a ransomware family observed in 2021 and identified as one of the top ransomware variants in Q3 2021, accounting for 3.0% market share in the cited reporting.
Profile source: Mallory opens in a new tabRanzy Locker
Ranzy Locker is a ransomware family observed in 2021 and identified as one of the top ransomware variants in Q3 2021, accounting for 3.0% market share in the cited reporting. The provided content links it to Windows recovery inhibition behavior intended to increase extortion pressure on victims. Specifically, Ranzy Locker uses bcdedit to disable automatic Windows recovery features, including settings such as recoveryenabled set to No and bootstatuspolicy set to ignoreallfailures, aligning with MITRE ATT&CK T1490 (Inhibit System Recovery). It is also reported to use wbadmin to delete system state backups. These actions are designed to prevent restoration of encrypted systems and make recovery more difficult. The broader reporting context describes ransomware operations in this period as commonly targeting mid-sized organizations, often using weak RDP configurations, phishing, and software vulnerability exploitation for initial access, but the provided content does not attribute specific initial access methods, victim sectors, threat actors, or unique indicators of compromise directly to Ranzy Locker beyond its recovery-disabling and backup-deletion behavior.
Ransomware.live
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.