Authorities Seized RagnarLocker Ransomware Dark Web Site

A coordinated international law enforcement action has seized the dark web site used by the notorious RagnarLocker ransomware group. 

This operation, involving law enforcement agencies from several countries, is a major setback for cyber criminals and a significant achievement in the ongoing war against ransomware attacks.

The RagnarLocker website now displays a message: “This service has been seized by a part of a coordinated international law enforcement action against the RagnarLocker group.” 

The message also mentions the participation of law enforcement agencies from the United States, the European Union, and Japan, highlighting the global scope of this operation.

The details of this law enforcement initiative are still not fully disclosed, and many questions remain unanswered. 

It is unclear whether the gang’s entire infrastructure was captured, any arrests were made, or any stolen funds were recovered.

Europol, the European Union’s law enforcement agency, has officially confirmed its involvement in an ongoing action against the ransomware group. 

Europol spokesperson Claire Georges has stated that a detailed announcement regarding the takedown will be made on Friday after all actions have been completed.

The Italian State Police is also expected to reveal more information about the operation. However, an FBI spokesperson has declined to comment at this time.

TechCrunch has contacted law enforcement agencies in various countries, including Spain, Latvia, Germany, and the Netherlands, but no responses have been received yet.

RagnarLocker, the name of both a ransomware strain and the criminal group behind it, has been a prominent actor in the cybercrime world.

This gang, which some security experts suspect to have links to Russia, has been active since 2020, mainly targeting critical infrastructure organizations.

The FBI had previously issued an alert, identifying over 52 U.S. entities across ten critical infrastructure sectors, such as manufacturing, energy, and government, that RagnarLocker ransomware attacks had hit.

The agency also released indicators of compromise associated with RagnarLocker, including Bitcoin addresses used for ransom payments and email addresses used by the gang’s operators.

Despite being under the radar of law enforcement for a long time, RagnarLocker has continued its malicious activities. 

Ransomware tracker Ransom Watch reported that the gang was still targeting victims as recently as this month. 

In September, RagnarLocker claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital, threatening to leak over a terabyte of data allegedly stolen during the attack.

The successful seizure of the dark website represents a significant step forward in the fight against ransomware, showing the collaborative efforts of international law enforcement agencies in disrupting cybercriminal networks.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.