Europol knocks RagnarLocker offline in second major ransomware bust this year

2023-10-19 16:30

Law enforcement agencies have taken over RagnarLocker ransomware group's leak site in an internationally coordinated takedown.

The takedown follows a concerted effort from law enforcement in recent years to shutter ransomware groups as their success continues to exceed previous records.

A known tactic of RagnarLocker is to dissuade victims from contacting domestic law enforcement, a fact that makes the latest bust extra special, according to Jake Moore, global cybersecurity advisor at ESET. "Any takedown by Europol is both significant and impressive but this seems to have extra kudos due to its Russian origin and it reflects the power of trying to suppress law enforcement help," he told The Register.

"In the past, RagnarLocker has warned their victims not to contact the police or FBI concerning their ransoms demands or face the threat of having their data published. Therefore, this takedown will come as an extra blow to the ransomware group who clearly have a bone of contention with the authorities."

Emerging in late 2019 or early 2020, depending on which security company's reports you read, the location of RagnarLocker has never been conclusively proven.

The only major attack claimed by RagnarLocker in the past year was on an Isareli hospital - an incident that saw it leak 400GB of data of an alleged total 1TB stolen, part of its telltale double extortion tactic.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/19/europol_knocks_ragnarlocker_offline/

#europol #ransomware