Ragnar Locker Overview

First seen in December 2019, Ragnar engages in Big Game Hunting.
Probably, one of Ragnar Locker’s most interesting traits is that it attempts to run inside a
virtual machine on the victims infrastructure in order to avoid detection while impacting the
host operating system or hypervisor.

Their victims include Portugal National Airline (AirTAP) – which allegedly retaliated by
attempting a DDoS against their DLS – , a Belgian municipality, and many industrial and
manufacturing businesses.

Some sources tie Ragnar with current Maze and MountLocker operators, suggesting a
collaboration between groups.