Pierluigi Paganini
October 19, 2023
Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia conducted a joint operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure. The police on Thursday seized the Tor negotiation and data leak sites.
This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events. More details are expected to be released tomorrow.
The ransomware operation has been active since late December 2019, the FBI published two flash alerts to warn of the operation of the group.
In March 2022, the US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang breached the networks of at least 52 organizations across 10 critical infrastructure sectors.
“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert. “RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.”
The flash alert provided details on attack infrastructure, Bitcoin addresses used by the gang to receive the payments of the ransom from the victims, and email addresses used by the gang’s operators.
The Ragnar Locker group focuses on extortion, in some cases it did not deploy ransomware, instead it only stole the victim’s data threatening to leak it.
In early September 2023, the Ragnar Locker ransomware gang claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)
