The Ragnar Locker ransomware is under control now

Emre Çitak
Oct 20, 2023

In a major breakthrough in the ongoing battle against cybercrime, a coalition of international law enforcement agencies has successfully seized the Tor negotiation and data leak sites belonging to the notorious Ragnar Locker ransomware operation.

The seizure message displayed on the sites confirms that this action is part of a coordinated effort against the Ragnar Locker group, as reported by BleepingComputer, with a press release expected to provide more details.

Ragnar Locker ransomware
The combat against Ragnar Locker ransomware has come to an end - Image courtesy of BleepingComputer

Getting to know Ragnar Locker ransomware

Ragnar Locker ransomware, which began its criminal activities in late 2019, is one of the longest-running ransomware operations. Unlike many of its counterparts, Ragnar Locker is semi-private, not actively recruiting affiliates, and employs tactics that focus on data theft and double-extortion schemes.

Recent developments indicate that the group has switched to using a VMware ESXi encryptor. Additionally, a new ransomware operation named DarkAngels has emerged, possibly connected to Ragnar Locker.

Read alsoMicrosoft Defender for Endpoint Automatic Attack Disruption promises an end of ransomware.

Where does Ragnar Locker ransomware come from?

The origin of Ragnar Locker ransomware is not definitively known, but it has been associated with cybercriminal groups that have operated internationally. This ransomware first came to prominence in early 2020 and became notorious for targeting large organizations. It has breached critical infrastructure organizations in various countries, and its activities have been of international concern.

Ragnar Locker is a ransomware family and gang that has been under the FBI's radar since its discovery in April 2020. It has targeted organizations globally, making it challenging to attribute its origin to a specific country.

Ragnar Locker ransomware
The origin of Ragnar Locker ransomware is unknown

International efforts to combat cybercrime

Countries have been making efforts to combat the Ragnar Locker ransomware group through international collaboration and law enforcement actions.

  • Europol's involvement: Europol has actively participated in taking action against the Ragnar Locker ransomware group. They have coordinated efforts with law enforcement officials from the United States and Japan. This collaboration has likely involved sharing intelligence and conducting operations to disrupt the ransomware group's activities
  • Seizure of dark web sites: Law enforcement agencies have seized the Ragnar Locker ransomware operation's dark web sites. These sites were used for negotiations and data leaks related to the ransomware attacks. The seizure of these sites was part of an international law enforcement operation aimed at disrupting the group's activities

These efforts indicate that multiple countries are actively working together to combat the Ragnar Locker ransomware group. Such international cooperation is essential in addressing the global threat posed by ransomware attacks and organized cybercriminals.

The actions taken by law enforcement agencies are intended to disrupt the group's infrastructure and prevent further attacks. The operation involved law enforcement agencies from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia and now has come to an end.


Tutorials & Tips

Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.