VIKING SPIDERVIKING SPIDER

Also known as: VIKING SPIDER

Known aliases
1

Profile

VIKING SPIDER is the criminal group behind the development and distribution of Ragnar Locker ransomware. While public reporting indicates the group began threatening to leak victim data in February 2020, a DLS was not observed until April 2020. The DLS is hosted on Tor, and similar to other actors, proof of data exfiltration is provided before the stolen data is fully leaked. It was also noted that On Dec. 22, 2020, a new post made to MountLocker ransomware’s Tor-hosted DLS was titled 'Cartel News' and included details of a victim of VIKING SPIDER’s Ragnar Locker

Aliases· 1

VIKING SPIDER

References

  1. https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
  2. https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
  3. https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/
  4. https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel
  5. https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Ragnar Locker
Actor
DUNGEON SPIDER
Actor
Alpha Spider
Actor
VICE SPIDER
Actor
Viking Jackal
Group
Indrik Spider
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.