A ransomware called Ragnar Locker is specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped. The ransom note contains a specific extension to use for encrypted files, an embedded RSA-2048 key, and a custom ransom note that includes the victim’s company name and ransom amount. Ransom Note does not appear to have any weaknesses, but any are discovered we will be sure to update this article if there are any known weaknesses. It is not known if the attackers are actually stealing data before encrypting files, but this is a common tactic as this is becoming a common.
Source: https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools/