FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
07 March 2025
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil).
"Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss