Ransomware Ragnar Locker

Ragnar Locker Ransomware acts in a different way to other ransomware, because in addition to it invading the system and encrypting the data, it also shuts down installed programs that could cause some risk to it (such as software updaters and anti-malware) and that can somehow fight the ransomware attack and stop its invasion of the system.

This Ransomware emerged in late 2019, and like many other known ransomware variants, (such as BlackMatterLockBit 2.0 and REvil) Ragnar Locker uses a double extortion technique, to “force” victims to pay, where data is encrypted locally and filtered before the ransom demand is made. And if the victim refuses to pay, their data is published on a website located on the dark web.

Ragnar Locker also features the “wall of shame” where they post a list of victims recently attacked by them.

Ragnar Locker ransomware only attacks on Windows operating systems, and these attacks are completely unobtrusive because the malware is only 55 kb in size.

The first thing they do after the invasion is language scanning on the user’s system. For Ransomware avoids some countries and focuses on Europe, the United States and Latin America.

Ragnar Locker also attributes attacks on some big companies, such as EDP (Portugal’s energy provider) and Capcom (game developer), these attacks were million-dollar attacks, one example, the group demanded EDP 10 million dollars so that they can unlock and not leak the company’s data (which was valued at 10 TB of data).

Recover Files Encrypted by Ragnar Locker Ransomware

Digital Recovery specialises in Ransomware recovery, performing 24×7 work in emergency mode. Our specialists are fully dedicated to the customer, from the first contact until the delivery of the data.

We have our own tool called Tracer, which through millions of calculations they recover the files (without the decryption key), this tool not only assists in the recovery but speeds up the recovery process, which is faster and more effective, to the customer’s satisfaction.

Our processes are in accordance with the General Data Protection Regulation (GDPR) and we also provide the NDA (Confidentiality Agreement).

And this is the safest alternative of all, encrypted data recovery.

If you’ve been a victim of Ragnar Locker ransomware contact our experts and start the recovery process now.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Ransomware AtomSilo

AtomSilo Ransomware

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.