The Ragnar Locker ransomware is under control now

In a major breakthrough in the ongoing battle against cybercrime, a coalition of international law enforcement agencies has successfully seized the Tor negotiation and data leak sites belonging to the notorious Ragnar Locker ransomware operation.

The seizure message displayed on the sites confirms that this action is part of a coordinated effort against the Ragnar Locker group, as reported by BleepingComputer, with a press release expected to provide more details.

Getting to know Ragnar Locker ransomware

Ragnar Locker ransomware, which began its criminal activities in late 2019, is one of the longest-running ransomware operations. Unlike many of its counterparts, Ragnar Locker is semi-private, not actively recruiting affiliates, and employs tactics that focus on data theft and double-extortion schemes.

Recent developments indicate that the group has switched to using a VMware ESXi encryptor. Additionally, a new ransomware operation named DarkAngels has emerged, possibly connected to Ragnar Locker.

Read also: Microsoft Defender for Endpoint Automatic Attack Disruption promises an end of ransomware.

Where does Ragnar Locker ransomware come from?

The origin of Ragnar Locker ransomware is not definitively known, but it has been associated with cybercriminal groups that have operated internationally. This ransomware first came to prominence in early 2020 and became notorious for targeting large organizations. It has breached critical infrastructure organizations in various countries, and its activities have been of international concern.

Ragnar Locker is a ransomware family and gang that has been under the FBI's radar since its discovery in April 2020. It has targeted organizations globally, making it challenging to attribute its origin to a specific country.

International efforts to combat cybercrime

Countries have been making efforts to combat the Ragnar Locker ransomware group through international collaboration and law enforcement actions.

• Europol's involvement: Europol has actively participated in taking action against the Ragnar Locker ransomware group. They have coordinated efforts with law enforcement officials from the United States and Japan. This collaboration has likely involved sharing intelligence and conducting operations to disrupt the ransomware group's activities
• Seizure of dark web sites: Law enforcement agencies have seized the Ragnar Locker ransomware operation's dark web sites. These sites were used for negotiations and data leaks related to the ransomware attacks. The seizure of these sites was part of an international law enforcement operation aimed at disrupting the group's activities

These efforts indicate that multiple countries are actively working together to combat the Ragnar Locker ransomware group. Such international cooperation is essential in addressing the global threat posed by ransomware attacks and organized cybercriminals.

The actions taken by law enforcement agencies are intended to disrupt the group's infrastructure and prevent further attacks. The operation involved law enforcement agencies from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia and now has come to an end.

Advertisement