Tag Archive for: Locker

Major international police operation brings down Ragnar Locker ransomware group


A large group that carried out ransomware attacks has been dismantled in an international police operation. The suspected leader has been arrested, and their platform has been taken offline. Five of the group’s servers were seized in the Netherlands and Dutch investigators assisted in the investigation.

According to coordinator Peter Bos of the East Netherlands Cybercrime Team, he and his colleagues have made an important contribution to this large-scale international operation that was started in 2021.

“As a team, we have succeeded in mapping the IT infrastructure of the Ragnar Locker group, as well as their working methods. We also seized several servers and took down hosting services during the week of action, in which eleven countries worldwide participated. Furthermore, we have secured victim data from more than 60 multinationals and during the investigation, we notified some victims of impending ransomware attacks by this group,” Bos said.

European services Europol (police) and Eurojust (justice) announced the results of the action against the Ragnar Locker group on Friday. The main suspect was arrested in Paris last Monday. His house in the Czech Republic was searched. In addition, five other suspects were subsequently interrogated in Spain and Latvia. The group’s website on the dark web was shut down in Sweden. In addition to the Netherlands, servers were also seized in Germany and Sweden.

The ransomware, also called Ragnar Locker, has been active since December 2019. Its creators infected and locked computer systems and stole internal data. They then demanded a ransom from victims, both for unlocking systems and for returning sensitive data. According to the police, they offered a decryption key in exchange for a ransom amount ranging from $5 to $70 million and threatened to leak the stolen data on the dark web if their demands were not met. They also threatened to release all files to the public if the victims filed charges.

Investigators believe that the group attacked about 168 organizations. Last year, they attacked the Portuguese national airline TAP. A month ago, they perpetrated a digital attack on a hospital near Tel Aviv in Israel.

In 2021,…


Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer



Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France.

“In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.”

Five other accomplices associated with the ransomware gang are said to have been interviewed in Spain and Latvia, with the servers and the data leak portal seized in the Netherlands, Germany, and Sweden.

The effort is the latest coordinated exercise involving authorities from Czechia, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine, and the U.S. Two suspects associated with the ransomware crew were previously arrested in Ukraine in 2021. A year later, another member was apprehended in Canada.

Ragnar Locker, which first emerged in December 2019, is known for a string of attacks targeting critical infrastructure entities across the world. According to Eurojust, the group has committed attacks against 168 international companies worldwide since 2020.

“The Ragnar Locker group was known to employ a double extortion tactic, demanding extortionate payments for decryption tools as well as for the non-release of the sensitive data stolen,” Europol said.


Ukraine’s Cyber Police said it conducted raids at one of the suspected members’ premises in Kyiv, confiscating laptops, mobile phones and electronic media.

The law enforcement action coincides with the Ukrainian Cyber Alliance (UCA) infiltrating and shutting down the leak site run by the Trigona ransomware group and wiping out 10 of the servers, but not before exfiltrating the data stored in them. There is evidence to suggest that the Trigona actors used Atlassian Confluence for their activities.

Just as the dismantling of Hive and Ragnar Locker represents ongoing efforts to tackle the ransomware menace, so are the initiatives undertaken by threat actors to evolve and rebrand under new names. Hive, for instance, has resurfaced as Hunters International.

The development…


Ragnar Locker site disrupted in international law enforcement crackdown


CyberScoop reports that the Ragnar Locker ransomware group, also known as Viking Spider, had its data leak site seized by the FBI and 15 other law enforcement agencies around the world as part of an international crackdown against ransomware infrastructure.

No further information regarding the extent of the takedown operations against the ransomware gang was provided, but Ragnar Locker, which emerged in 2019, was noted by CrowdStrike Senior Vice President of Counter Adversary Operations Adam Meyers to be among the first ransomware groups that targeted corporations and other major entities to obtain significant payouts.

Ragnar Locker had 100 organizations across 27 industries listed on its data leak site prior to the disruption, Meyers said.

The dismantling of Ragnar Locker’s leak site comes after sanctions against TrickBot members and the disruption of the Hive ransomware operation, as well as the thwarting of Russia’s CyclopsBlink botnet and Chinese attacks against Microsoft Exchange servers.


VMware ESXi servers subjected to RTM Locker ransomware for Linux attacks



Threat actors have been targeting VMware ESXi servers with a Linux variant of the RTM Locker ransomware strain based on leaked Babuk ransomware source code, according to BleepingComputer.
