
A coordinated international law enforcement effort successfully seized the dark web portal used by the infamous RagnarLocker ransomware group.
The RagnarLocker website now displays a message stating, “A coordinated international law enforcement action has seized this service against the RagnarLocker group.” According to the seizure notice, law enforcement agencies from the United States, the European Union, and Japan participated in the operation.
The complete scope of the operation remains undisclosed, and questions linger about whether the gang’s infrastructure was also seized, whether any arrests were made, and whether law enforcement managed to recover stolen funds.
Claire Georges, a spokesperson for Europol, confirmed their involvement in an “ongoing action against this ransomware group.” The spokesperson added that Europol plans to announce the takedown on Friday once they finalize all actions.
An unidentified spokesperson from the Italian State Police also mentioned that they would disclose operation details on Friday, while an unnamed FBI spokesperson declined to provide any comments.
RagnarLocker refers to both a ransomware strain and the criminal group responsible for its development and operation. Some security experts have linked the gang to Russia. It has been targeting victims since 2020, with a primary focus on critical infrastructure sectors.
In a warning issued last year, the FBI revealed that at least 52 U.S. entities across 10 critical infrastructure sectors, including manufacturing, energy, and government, had fallen victim to RagnarLocker ransomware. Simultaneously, the FBI released indicators of compromise related to RagnarLocker, including Bitcoin addresses for ransom collection and email addresses used by the gang’s operators.
Despite law enforcement’s ongoing surveillance, the RagnarLocker group continued to target victims as recently as this month, according to ransomware tracker Ransomwatch. In September, the gang claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital and threatened to expose over a terabyte of data allegedly stolen during the incident.