Europol knocks RagnarLocker offline in second major ransomware bust this year


Law enforcement agencies have taken over the RagnarLocker ransomware group's leak site in an internationally coordinated takedown.

Among the agencies involved are Europol's European Cybercrime Centre (EC3), the US's Federal Bureau of Investigation (FBI), and Germany's Bundeskriminalamt (BKA), among many others.

The takedown follows a concerted effort from law enforcement in recent years to shutter ransomware groups as their success continues to exceed previous records.

In January this year, the FBI led the way in taking down the Hive group, handing out decryption keys to more than 300 victims. The Bureau calculated the potential savings in ransom fees to be around $130 million.

At the time, FBI director Christopher Wray said only about 40 percent of Hive's victims contacted the FBI about the incident.

A known tactic of RagnarLocker is to dissuade victims from contacting local law enforcement, a fact that makes the latest bust extra special, according to Jake Moore, global cybersecurity advisor at ESET.

"Any takedown by Europol is both important and impressive but this seems to have extra kudos due to its Russian origin and it reflects the power of trying to suppress law enforcement help," he told The Register.

"In the past, RagnarLocker has warned their victims not to contact the police or FBI concerning their ransom demands or face the threat of having their data published. Therefore, this takedown will come as an extra blow to the ransomware group who clearly have a bone of contention with the authorities."

Asked about the takedown, Europol declined to comment any further, other than that it's "part of an ongoing action against this ransomware group." More details are expected to be released via official channels tomorrow.

RagnarLocker's dark web leak site seized and defaced by global law enforcement agencies

What is RagnarLocker?

Emerging in late 2019 or early 2020, depending on which security company's reports you read, the location of RagnarLocker has never been conclusively proven.

Many different European and Asian countries have been linked to the gang that uses its own eponymous ransomware payload, though Russia and Ukraine are among those most often floated.

The FBI was prompted to release an advisory in March 2022 alerting organizations to its typical mission objectives – targeting critical infrastructure.

It said at the time that 52 critical infrastructure organizations had been successfully targeted by the group. This included victims in the manufacturing and energy sectors, as well as finance, government, and IT.

It came just a year after one of the largest attacks on critical infrastructure in US history swept headlines, at a time where attacks on critical infrastructure were still certainly high up on the list of the US' concerns.

DarkSide's attack on Colonial Pipeline caused major disruption to the East Coast of the US, and prompted the Biden administration to issue Executive Order 14028: Improving the Nation's Cybersecurity in response.

RagnarLocker is also well known for adopting a double extortion model and was notoriously staunch in its approach to negotiations.


Most modern ransomware groups are open to negotiating fees, as long as the negotiations don't hurt their feelings. RagnarLocker was known for its take-it-or-leave-it stance on issuing ransom demands.

The gang was previously considered one of the most dangerous in operation, though it hasn't been as active in 2023.

It was omitted from Microsoft's latest Digital Defense Report, which ranked the top ransomware groups in operation currently.

The only major attack claimed by RagnarLocker in the past year was on an Israeli hospital – an incident that saw it leak 400GB of data of an alleged total 1TB stolen, part of its telltale double extortion tactic. Well… former tactic, now. ®