Europol sting takes down RagnarLocker ransomware gang

Ransomware gang RagnarLocker has had its dark web portal seized in an international law enforcement operation led by pan-European police force Europol.

Europol has apparently taken down the online infrastructure of the RagnarLocker ransomware gang. (Photo by PixelBiss/Shutterstock)

The cybercriminal gang has been active for the last four years, targeting organisations in the public and private sector.

Locked down: Ragnar Locker’s online portal disabled

A message on the gang’s dark web page, which it used to post details of victims, says that “this service has been seized as part of a co-ordinated law enforcement action against the RagnarLocker group”.

Alongside the message, the logos of 15 law enforcement agencies are displayed, including that of Europol and the FBI. Tech Monitor has contacted Europol for more details on the operation and to find out if any arrests have been made.

Also known simply as Ragnar, the group’s ransomware has been on the radar of the FBI since 2020, when the bureau observed it being used to encrypt files belonging to an unnamed “large corporation”, with an $11m ransom demand for the release of 10TB of data.

Since then it has been deployed against cloud service providers, enterprise software vendors and companies in the communications, construction and travel sectors. Known victims include video games publisher Capcom, Portuguese energy supplier Energias de Portugal and Italian drinks conglomerate Campari.

Last August, Tech Monitor reported that RagnarLocker had struck DESFA, the national gas supplier in Greece. The company said at the time that it would not negotiate with the criminals, and that gas supply had not been disrupted by the breach. But it admitted that it had to disable all of its IT systems to contain the problem.

The gang is known for using so-called “double extortion” tactics, where a cash ransom is demanded to decrypt data, while the threat of information being published online is also used as a method to gain additional payments.


Europol continues its campaign against cybercriminals

Law enforcement agencies have been actively targeting some of the most dangerous cybercriminal gangs this year. In January, Europol and the FBI took down the Hive ransomware gang’s online infrastructure in an operation involving police from 13 countries.

As part of the bust, officers obtained encryption keys which they believe could help victims of the group’s attacks retrieve stolen data and avoid paying ransoms totalling more than $100m.

In April, dark web marketplace Genesis, at the time one of the largest markets for stolen credentials, was shut down in a bust involving the FBI and the UK’s National Crime Agency. Over 120 arrests were made.

More recently, in August, the FBI announced it had dismantled the Qakbot botnet, a tool which has been used by some of the world’s most prolific ransomware gangs to launch attacks.

Police from the UK and Germany aided the take-down of the botnet, which is thought to have infected more than 700,000 devices worldwide. At the time the FBI said it had seized cryptocurrency worth $8.6m as part of the raid.

