Major international police operation brings down Ragnar Locker ransomware group

/in


A large group that carried out ransomware attacks has been dismantled in an international police operation. The suspected leader has been arrested, and their platform has been taken offline. Five of the group’s servers were seized in the Netherlands and Dutch investigators assisted in the investigation.

According to coordinator Peter Bos of the East Netherlands Cybercrime Team, he and his colleagues have made an important contribution to this large-scale international operation that was started in 2021.

“As a team, we have succeeded in mapping the IT infrastructure of the Ragnar Locker group, as well as their working methods. We also seized several servers and took down hosting services during the week of action, in which eleven countries worldwide participated. Furthermore, we have secured victim data from more than 60 multinationals and during the investigation, we notified some victims of impending ransomware attacks by this group,” Bos said.

European services Europol (police) and Eurojust (justice) announced the results of the action against the Ragnar Locker group on Friday. The main suspect was arrested in Paris last Monday. His house in the Czech Republic was searched. In addition, five other suspects were subsequently interrogated in Spain and Latvia. The group’s website on the dark web was shut down in Sweden. In addition to the Netherlands, servers were also seized in Germany and Sweden.

The ransomware, also called Ragnar Locker, has been active since December 2019. Its creators infected and locked computer systems. They also stole internal data. They then demanded a ransom from victims, both for unlocking systems and for returning sensitive data. They then offered a decryption key in exchange for a ransom amount ranging from $5 to $70 million, threatening to leak the stolen data on the dark web if their demands were not met, according to the police. They also threatened to release all files to the public if the victims filed charges.

Investigators believe that the group attacked about 168 organizations. Last year, they attacked the Portuguese national airline TAP. A month ago, they perpetrated a digital attack on a hospital near Tel Aviv in Israel.

In 2021,…

Source…