Ragnar Loader, also known as Sardonic Backdoor, is a sophisticated malware toolkit used in ransomware attacks by the Monstrous Mantis group (formerly Ragnar Locker). Discovered by security researchers, the malware maintains persistent access to compromised systems and uses multi-layered obfuscation and dynamic decryption to evade traditional security defenses. It relies on PowerShell-based payloads, process injection for stealthy control, and WMI filters for undetectable, fileless persistence. The loader is part of a larger toolkit that enables lateral movement and persistence within victim networks.

News – Sunflower Medical Group says cyber attack impacted over 220,000 patients – TEISS
Sunflower Medical Group reported a cyber attack affecting over 220,000 patients.