Tuesday, October 24, 2023

Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer

Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France.

“In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.”

Five other accomplices associated with the ransomware gang are said to have been interviewed in Spain and Latvia, with the servers and the data leak portal seized in the Netherlands, Germany, and Sweden.

The effort is the latest coordinated exercise involving authorities from Czechia, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine, and the U.S. Two suspects associated with the ransomware crew were previously arrested in Ukraine in 2021. A year later, another member was apprehended in Canada.

Ragnar Locker, which first emerged in December 2019, is known for a string of attacks targeting critical infrastructure entities across the world. According to Eurojust, the group has committed attacks against 168 international companies worldwide since 2020.

“The Ragnar Locker group was known to employ a double extortion tactic, demanding extortionate payments for decryption tools as well as for the non-release of the sensitive data stolen,” Europol said.


Ukraine’s Cyber Police said it conducted raids at one of the suspected members’ premises in Kyiv, confiscating laptops, mobile phones and electronic media.

The law enforcement action coincides with the Ukrainian Cyber Alliance (UCA) infiltrating and shutting down the leak site run by the Trigona ransomware group and wiping out 10 of the servers, but not before exfiltrating the data stored in them. There is evidence to suggest that the Trigona actors used Atlassian Confluence for their activities.

Just as the dismantling of Hive and Ragnar Locker represents ongoing efforts to tackle the ransomware menace, so are the initiatives undertaken by threat actors to evolve and rebrand under new names. Hive, for instance, has resurfaced as Hunters International.

The development comes as India’s Central Bureau of Investigation, based on information shared by Amazon and Microsoft, said it raided 76 locations across 11 states in a nationwide crackdown aimed at dismantling infrastructure used to facilitate cyber-enabled financial crimes such as tech support scams and cryptocurrency fraud.

The exercise, codenamed Operation Chakra-II, led to the seizure of 32 mobile phones, 48 laptops/hard disks, images of two servers, 33 SIM cards, and pen drives, as well as a dump of 15 email accounts.

It also follows the extradition of Sandu Diaconu, a 31-year-old Moldovan national, from the U.K. to the U.S. to face charges related to his role as the administrator of E-Root Marketplace, a website that offered access to more than 350,000 compromised computer credentials worldwide for ransomware attacks, unauthorized wire transfers, and tax fraud.


The website, which went operational in January 2015, was taken down in 2020 and Diaconu was arrested in the U.K. in May 2021 while trying to flee the country.

“The E-Root Marketplace operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers,” the U.S. Department of Justice (DoJ) said this week.

“Buyers could search for compromised computer credentials on E-Root, such as RDP and SSH access, by desired criteria such as price, geographic location, internet service provider, and operating system.”

In a related law enforcement action, Marquis Hooper, a former U.S. Navy IT manager, was sentenced to five years and five months in prison for illegally obtaining 9,000 U.S. citizens’ personally identifiable information (PII) and selling it on the dark web for $160,000 in bitcoin.
