Authorities confirm RagnarLocker ransomware taken down during international sting TechCrunch

pAn international group of law enforcement agencies have disrupted the notorious RagnarLocker ransomware operationppTechCrunch reported Thursday that an international law enforcement operation involving agencies from the US European Union and Japan had seized the RagnarLocker groups dark web portal The portal which the gang used to extort its victims by publishing their stolen data now reads This service has been seized by a part of a coordinated international law enforcement action against the RagnarLocker groupppAnnouncing the takedown on Friday Europol confirmed it took coordinated action against RagnarLocker which it says was responsible for numerous highprofile attacks The European police agency also confirmed the arrest of a 35yearold man in Paris on October 16 who the authorities accuse of being the main perpetrator of the operation Authorities searched the alleged RagnarLocker developers home in the Czech Republic Alleged associates of the developer were also interviewed in Spain and LatviappRagnarLockers infrastructure was also seized in the Netherlands Germany and Sweden According to Eurojust the EU agency that coordinates criminal justice cooperation across the bloc a total of nine servers were seized five in the Netherlands two in Germany and two in Sweden Eurojust also reports that it seized various cryptocurrencies though their value is currently unknownppUkrainian authorities who were part of the 11country operation said in a separate announcement on Friday that its officers searched the premises of another RagnarLocker suspect near Kiev and recovered laptops mobile phones and other electronic mediappIn a press release Italys Polizia di Stato State Police confirmed its involvement in the coordinated international effort which it called Operation Mole The Italian law enforcement agency also published a video that shows footage from a raid conducted by French Italian and Czech police agents presumably in the house of the 35yearold man they had arrestedppRagnarLocker is both the name of a ransomware strain and the criminal group that develops and operates it The gang which some security experts have linked to Russia has been observed targeting victims since 2020 and has predominantly attacked organizations in the critical infrastructure sectorsppppAuthorities raiding the home of the alleged developer behind the RagnarLocker ransomware Image Credits Polizia di Stato opens in a new windowppIn an alert published last year the FBI warned that it had identified at least 52 US entities across 10 critical infrastructure sectors including manufacturing energy and government that had been affected by RagnarLocker ransomware At the same time the FBI released indicators of compromise associated with RagnarLocker including Bitcoin addresses used to collect ransom demands and email addresses used by the gangs operatorsppIn its announcement on Friday Ukraines police said that since 2020 the RagnarLocker group had attacked and exfiltrated data from 168 international companies in Europe and the United States The group demanded between 5 and 70 million dollars in cryptocurrency from its victimsppIf a victim refused to pay or notified law enforcement of the intrusion the hackers would publish the victims data on the groups sinceseized dark web siteppRagnar Locker explicitly warned their victims against contacting law enforcement threatening to publish all the stolen data of victimised organisations seeking help on its dark web Wall of Shame leak site Europol said on Friday Little did they know that law enforcement was closing in on themppAlthough the gang has been under the watchful eye of law enforcement for some time RagnarLocker has been targeting victims as recently as this month according to ransomware tracker Ransomwatch In September the gang claimed responsibility for an attack on Israels Mayanei Hayeshua hospital and threatened to leak more than a terabyte of data allegedly stolen during the incidentppLorenzo FranceschiBicchierai contributed reporting and writing This article was first published on October 19 and updated with new details and comment from Europol and Italys Polizia di Stato State PoliceppRagnarok ransomware gang shuts down and releases its decryption keyppp