Just as in the Marvel Universe, a ransomware group that goes by the name “Ragnarok” caused catastrophic harm and ended in a snap.
Ragnarok, a hacking gang that’s locked victims out of their computers and extorted them since 2019, suddenly appears to have called it quits. The group shared a free tool Thursday that will help previous victims unlock their files and gain access to their computers again, according to security researchers.
It’s not clear why Ragnarok is abandoning its pilfering ways. But the apparent decision to self-destruct is a move that other ransomware gangs have been adopting as well. Ragnarok is the fifth ransomware operator that’s appeared to backtrack on its previous grift following increased international attention to ransomware hacking. Ziggy ransomware hackers, as well as Avaddon, SynAck, and Fonix hacking groups have all also retreated from their ransomware hacking this year, each giving up their keys and neutralizing their attacks.
The uptick in hackers backing down in recent months is somewhat unorthodox, according to Brett Callow, an analyst at Emsisoft, which helps ransomware victims recover from ransomware attacks.
“While it’s not unprecedented for gangs to do this, it’s certainly unusual for so many to have done it, and I suspect the exits are due to increased attention from law enforcement,” Callow told The Daily Beast. “Put simply, they got cold feet.”
In its statement about its withdrawal, Ziggy explicitly declared that their intention in backing down was to avoid law enforcement crackdowns and repercussions, according to an earlier interview with Bleeping Computer.
Other ransomware gangs in recent weeks have been working to avoid the watchful eye of law enforcement and world powers as well—several gangs that drew the attention of President Joe Biden following their attacks that led to shutdowns at Colonial Pipeline, a massive fuel supplier across the East Coast, and meat supplier JBS, have gone dark. REvil, the gang behind the JBS attack, has since mysteriously disappeared from the internet. And DarkSide, the gang behind the Colonial Pipeline incident, also announced it was backing down and retiring.
Even those operating in…