What is Ragnar Locker Ransomware
Ragnar Locker is a malicious piece classified as ransomware that encrypts personal data and disables the work of installed programs like ConnectWise and Kaseya, which provide solutions for many Windows services, including data recovery, ransomware protection, and other ways to secure privacy. This is made to slacken the ability of the system to counter ransomware infection. In fact, you will not spot these changes and your data will be locked instantly. The way Ragnar Locker encrypts user’s files is by assigning the .ragnar (or .ragn@r) extension with random characters. For instance, the original file named 1.mp4
will be retitled to 1.mp4.ragnar_0FE49CCB
and reset its icon as well. After the encryption process gets to a close, Ragnar Locker creates a text file named according to the combination used for encrypted files (RGNR_0FE49CCB.txt).
Hello * !
********************
If you reading this message, then your network was PENETRATED and all of your files and data has been ENCRYPTED
by RAGNAR_LOCKER !
********************
*********What happens with your system ?************
Your network was penetrated, all your files and backups was locked! So from now there is NO ONE CAN HELP YOU to get your files back, EXCEPT US.
You can google it, there is no CHANCES to decrypt data without our SECRET KEY.
But don't worry ! Your files are NOT DAMAGED or LOST, they are just MODIFIED. You can get it BACK as soon as you PAY.
We are looking only for MONEY, so there is no interest for us to steel or delete your information, it's just a BUSINESS $-)
HOWEVER you can damage your DATA by yourself if you try to DECRYPT by any other software, without OUR SPECIFIC ENCRYPTION KEY !!!
Also, all of your sensitive and private information were gathered and if you decide NOT to pay,
we will upload it for public view !
****
***********How to get back your files ?******
To decrypt all your files and data you have to pay for the encryption KEY :
BTC wallet for payment: *
Amount to pay (in Bitcoin): 25
****
***********How much time you have to pay?**********
* You should get in contact with us within 2 days after you noticed the encryption to get a better price.
* The price would be increased by 100% (double price) after 14 Days if there is no contact made.
* The key would be completely erased in 21 day if there is no contact made or no deal made.
Some sensetive information stolen from the file servers would be uploaded in public or to re-seller.
****
***********What if files can't be restored ?******
To prove that we really can decrypt your data, we will decrypt one of your locked files !
Just send it to us and you will get it back FOR FREE.
The price for the decryptor is based on the network size, number of employees, annual revenue.
Please feel free to contact us for amount of BTC that should be paid.
****
! IF you don't know how to get bitcoins, we will give you advise how to exchange the money.
!!!!!!!!!!!!!
! HERE IS THE SIMPLE MANUAL HOW TO GET CONTCAT WITH US !
!!!!!!!!!!!!!
1) Go to the official website of TOX messenger ( hxxps://tox.chat/download.html )
2) Download and install qTOX on your PC, choose the platform ( Windows, OS X, Linux, etc. )
3) Open messenger, click "New Profile" and create profile.
4) Click "Add friends" button and search our contact *
5) For identification, send to our support data from ---RAGNAR SECRET---
IMPORTANT ! IF for some reasons you CAN'T CONTACT us in qTOX, here is our reserve mailbox ( * ) send a message with a data from ---RAGNAR SECRET---
WARNING!
-Do not try to decrypt files with any third-party software (it will be damaged permanently)
-Do not reinstall your OS, this can lead to complete data loss and files cannot be decrypted. NEVER!
-Your SECRET KEY for decryption is on our server, but it will not be stored forever. DO NOT WASTE TIME !
********************
---RAGNAR SECRET---
*
---RAGNAR SECRET---
********************
In this note, cyber criminals claim that your data is safe and secure, but stored on remote servers. In order to get it back, you should pay approximately 25 Bitcoins unless you linger the payment, which otherwise will be doubled. Moreover, if you refuse to buy decryption software, some parts of your data will be published online or shared with third-parties organizations within 21 days. To initiate payment negotiations, victims are asked to contact extortionists via an e-mail address or qTox messenger. Unfortunately, attempting to use third-parties utilities for decryption, may injure data and lead to its permanent loss. Therefore, the best way to retrieve files for free is to delete Ragnar Locker Ransomware and restore blocked files from backup (USB-storage), if possible.
How Ragnar Locker Ransomware infected your computer
Ransomware developers use a buttload of methods to infiltrate systems, such as e-mail spam, backdoors, keyloggers, fake software cracking tools, trojans, and other atrocious channels. Backdoors are used to hack encryption in a computer or embedded devices (e.g. router) by exploiting multiple vulnerabilities. It can be bundled within other pieces of software to access personal data and take it over to cybercriminals’ servers. Another sneaky way to gain access is via keyloggers that are installed by hackers to record what you enter on the keyboard. This simply means that all of your passwords can be stolen to hijack accounts and billing information. To prevent this, you should avoid clicking on suspicious ads and links because they can redirect to malicious pages that use executable scripts to infect PCs. Also, it is recommended to install software only from legitimate and trusted platforms to avert the presence of hidden malware. Our guide below will explain both removal instructions and security tips to combat such threats in the future.
- Download Ragnar Locker Ransomware Removal Tool
- Get decryption tool for .ragnar or .ragn@r files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like Ragnar Locker Ransomware
Download Removal Tool
To remove Ragnar Locker Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders and registry keys of Ragnar Locker Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove Ragnar Locker Ransomware completely, we recommend you to use SpyHunter 5. It detects and removes all files, folders, and registry keys of Ragnar Locker Ransomware. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.
Ragnar Locker Ransomware files:
CONTI_README.txt
{randomfilename}.exe
Ragnar Locker Ransomware registry keys:
no information
How to decrypt and restore .ragnar or .ragn@r files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .ragnar or .ragn@r files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .ragnar or .ragn@r files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing of files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with Ragnar Locker Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .ragnar or .ragn@r files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like Ragnar Locker Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storages, such as hard drives, SSDs, flash drives, or remote network storages can be instantly infected by the virus once plugged in or connected to. Ragnar Locker Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails is the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.