Ragnarok is a ransomware gang that has been operating since 2019. It gained fame after attacking unpatched Citrix ADC servers.
The gang is sometimes called Asnarok. Last week, it replaced 12 victims on its dark web portal. It also provided instructions on how to decrypt files. Emsisoft experts confirmed that the decryptor contained the master encryption key. The security firm, known for assisting ransomware victims with data decryption, has also released a universal decryptor for Ragnarok ransomware.
Ragnarok is best known for its use of the Ragnar Locker ransomware against IT networks. After exploiting the Citrix ADC vulnerability, Ragnarok was able to find Windows computers vulnerable to EternalBlue. According to Ransomwhe.re’s payments tracker, it claimed more than $4.5 million in ransom payments.
The cybercriminals stole 10 terabytes (or more) of data from EDP, Portugal’s energy giant. They threatened to release it if the company didn’t pay a $10.9 million ransom. They then stole up to 2TB of data, including employee records and bank statements, from Campari Group’s servers. The group demanded a $15 million ransom.
The ransomware gang also attacked the Japanese gaming giant Capcom in November. The gang reportedly stole the personal data of 390,000 customers, business partners, and other external parties from Capcom’s systems.
News of the shutdown was first reported by Bleeping Computer.
It’s unclear why Ragnarok decided to end its career without a formal note. But other ransomware gangs have adopted a similar self-destruction tactic in the face of increasing pressure from the U.S. government, which earlier this year branded ransomware as a national security threat. REvil, the gang behind the JBS attack, mysteriously disappeared from the internet, and DarkSide, the gang behind the Colonial Pipeline incident, also announced it was retiring.
Fonix and SynAck were also among the ransomware gangs that have retired this year. They each gave up their keys to assist the victims of their attacks.
It remains to be determined if Ragnarok will disappear forever or if it will simply rebrand. The infamous DoppelPaymer ransomware gang has recently resurfaced as Grief Ransomware, after many months without any activity.
“Even though it’s only temporary, it is nice seeing another win,” tweeted Allan Liska of Recorded Future’s Computer Security Incident Response Team.
Published Mon, 30 August 2021 at 13:31:33 +0000