The police have neutralized the hacking gang and the Ragnar Locker ransomware. It is associated with the Russian Federation

As part of a joint international operation, law enforcement officers arrested the developer of the Ragnar Locker ransomware virus and disabled darknet sites belonging to a hacker group associated with this malware. This is reported by BleepingComputer.

Ragnar Locker encrypts the victim’s files and then demands a ransom to decrypt them. Since April 2020, the ransomware virus has affected the networks of at least 52 critical infrastructure organizations in the United States, the FBI said.

Law enforcement officers seized Tor sites for negotiations and data leaks of the Ragnar Locker ransomware.

BleepingComputer has confirmed that a confiscation message is now displayed when visiting any of the Ragnar Locker websites. It also states that numerous international law enforcement agencies from the USA, Europe, Germany, France, Italy, Japan, Spain, the Netherlands, the Czech Republic and Latvia participated in the operation.

“This service has been removed as part of a coordinated law enforcement action against the Ragnar Locker group,” the message says.

The full scale of the operation is not yet known. In addition, it is unclear whether the gang’s infrastructure was also seized, whether any arrests were made and whether the stolen funds were recovered.

What is Ragnar Locker?

Ragnar Locker (also known as Ragnar_Locker and RagnarLocker) is the name of both the ransomware and the criminal group behind it. Some security experts link this hacker group to Russia.

Launched in late 2019, Ragnar Locker is one of the longest-running ransomware operations to date. The group mainly attacked critical infrastructure organizations.

Like other ransomware, Ragnar Locker infiltrates corporate networks, spreads to other devices while collecting data, and then encrypts computers on the network. Encrypted files and stolen data were used as leverage in double extortion schemes to force the victim to pay for their decryption.

Ragnar Locker was semi-private, meaning the hackers did not actively promote their affiliate recruitment operation, but instead worked with external pentesters to hack the networks.

According to cybersecurity researcher MalwareHunterTeam, RagnarLocker recently switched to using a VMware ESXi encryptor based on the leaked Babuk source code.

Earlier, ProIT reported that hackers working for the General Staff of the Russian Federation attacked the Ukrainian military with the help of a new malicious program for Android.
