Ragnar Locker Ransomware Infrastructure Taken Down and Suspected Developer Arrested
Europol has announced that it has taken down the infrastructure that was used to support Ragnar Locker ransomware attacks and a suspect believed to be one of the group’s developers has been arrested.
The Ragnar group started conducting attacks using Ragnar Locker ransomware in December 2019. The group is known to have attacked at least 168 organizations, including the Italian drinks giant Campari and the Japanese gaming firm Capcom, as well as many critical infrastructure entities. Ragnar Locker was one of the first big game hunting ransomware groups to steal data to pressure victims into paying ransoms in addition to encrypting files. In contrast to many ransomware groups, Ragnar Locker was not a ransomware-as-a-service (RaaS) operation and instead collaborated with external penetration testers to gain initial access to victims’ networks.
Europol said raids and searches were conducted of multiple properties in Czechia, Spain, and Latvia between October 16 and October 20, and five individuals who are believed to be associated with the group have been interviewed in Spain and Latvia. The suspected developer was arrested in Paris and a search was conducted of his property in Czechia. He has already been brought before magistrates in Paris Judicial Court. The Cyber Police of Ukraine confirmed that they raided the Kyiv property of a suspected gang member and seized laptops, mobile phones, and other electronic devices. The servers used to support Ragnar Locker attacks were seized in the Netherlands, Germany, and Sweden, and the group’s Tor data leak site was taken down in Sweden.
Eurojust opened an investigation of Ragnar Locker in May 2021 at the request of the French Authorities. In September 2021, two individuals suspected of involvement with the group were arrested in Ukraine, and in October 2022, another individual associated with the group was arrested in Canada. Europol and Eurojust coordinated the law enforcement operation and assistance was provided by law enforcement agencies in Czechia, France, Germany, Italy, Japan, Latvia, Netherlands, Spain, Sweden, Ukraine, and the United States.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
“This investigation shows that once again international cooperation is the key to taking ransomware groups down. Prevention and security are improving; however, ransomware operators continue to innovate and find new victims. Europol will play its role in supporting EU Member States as they target these groups, and each case is helping us improve our modes of investigation and our understanding of these groups,” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre. “I hope this round of arrests sends a strong message to ransomware operators who think they can continue their attacks without consequence.”
