October 19, 2023 at 12:34PM
Law enforcement agencies, including Europol’s European Cybercrime Centre, the FBI, and Germany’s Bundeskriminalamt, have taken control of the RagnarLocker ransomware group’s leak site in a coordinated effort. The takedown is part of a broader campaign to dismantle ransomware groups. RagnarLocker is known for targeting critical infrastructure and using a double extortion model. This operation is significant due to the group’s Russian origin and its attempts to dissuade victims from seeking law enforcement help. More details are expected to be released.
Key Takeaways:
– Law enforcement agencies, including Europol’s European Cybercrime Centre (EC3), the FBI, and Germany’s Bundeskriminalamt (BKA), have carried out a coordinated takedown of the RagnarLocker ransomware group’s leak site.
– This takedown is part of law enforcement’s ongoing efforts to disrupt and shut down ransomware groups.
– In January 2023, the FBI led a successful operation against the Hive group, providing decryption keys to over 300 victims and potentially saving around $130 million in ransom fees.
– RagnarLocker has a history of discouraging victims from contacting law enforcement, making this takedown particularly significant.
– The group is known for targeting critical infrastructure organizations in sectors such as manufacturing, energy, finance, government, and IT.
– RagnarLocker has employed a double extortion model and has been inflexible in its ransom demands.
– While previously considered one of the most dangerous ransomware groups, RagnarLocker’s activity has decreased in 2023, and it was not included in Microsoft’s latest ranking of top ransomware groups.
– One notable attack attributed to RagnarLocker was on an Israeli hospital, during which the group leaked 400GB of data as part of its double extortion strategy.