The operators of the RagnarLocker ransomware have had their website seized by the authorities, hopefully lessening its ability to spread chaos to victims.
Where once stood information on the encryptor and its victims, now stands a message saying “This service has been seized by a part of a coordinated international law enforcement action against the RagnarLocker group.”
The statement also claims that law enforcement firms from the US, the EU, and Japan, worked together on the operation.
No arrest announcements yet
Usually, when the police engage in operations such as this one, they go for both the people and the infrastructure. That includes servers, endpoints, and administrators/operators. In this instance, besides knowing that the website was seized, we don’t know if any servers were taken offline, or if any arrests were made. With ransomware operations, it’s also possible for law enforcement to obtain private keys to cryptocurrency wallets, as ransom payments are usually made with this nascent technology.
In a statement given to TechCrunch, Europol spokesperson Claire Georges said the agency was involved in “ongoing action against this ransomware group,” without going into more details. The spokesperson for the FBI declined to comment, it was added.
RagnarLocker was first observed in 2020. Some researchers link it to Russia and claim it targets mostly organizations in the critical infrastructure industry. States, and law enforcement organizations, are particularly sensitive to critical infrastructure organizations and are actively pursuing hacking groups that target them. For example, in 2021, the FBI seized millions of dollars given to DarkSide, the hackers behind the Colonial Pipeline attack.
RagnarLocker, the FBI warns, targeted at least 52 entities in the US last year.
Via TechCrunch
More from TechRadar Pro
- Colonial Pipeline attack made possible by compromised VPN password | TechRadar
- Here's a list of the best firewalls today
- These are the best malware removal tools right now
