RagnarokGang Active

Ransomware group first observed in 2018. Uses PowerShell Empire for deployment.
PDF Report Back to Groups
1
Total Victims
2018-10-01
First Seen
2026-03-06
Last Seen
0
Known TTPs
40.8d
Avg Delay
0
Negotiations
ONION URLS
wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion
TOOLS
PowerShell Empire IcedID Cloudflare Tunnel ConnectWise
FILE EXTENSIONS
.dead
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-06 Omega Industries Italy Energy Published

No TTPs data

No YARA rules

TypeValueDescriptionCopy
sha256 bcdce0f229e86296a325f741c509d427bede9d9f68bfc7de30d249f3f4866e1f Ransomware binary hash observed in RagnarokGang attacks
tox DC4B5B49AF7E832AED690BDD2BFEBDC9779FAF4798DAEB019F5E61BA36DBB1770F450EC70E11 Tox messenger ID observed in RagnarokGang attacks
md5 f3c8ee889906e38079e52e14638c5139 Associated with RagnarokGang ransomware
md5 d05c535c44ba2d0b9777af5ee69d2f98 Malware sample hash - RagnarokGang campaign
sha1 f16dc4ea989107c51a2115d28e56133f7c7d10ce Dropper hash observed in RagnarokGang attacks
sha1 1cb063d7583de7a1ff1e38cbe74393af5cb587cc Dropper hash - RagnarokGang campaign
btc bc1q9aoofce16hxoyenlf73v07t352xz28co8ercbe Associated with RagnarokGang ransomware
btc bc1qpbyxaf7r32cedluyzi78yoymcekoot7a6r385a Bitcoin ransom address - RagnarokGang campaign

No ransom notes