October 19, 2023 at 10:50AM
Law enforcement agencies from multiple countries have seized the Tor negotiation and data leak sites belonging to the Ragnar Locker ransomware group. The seizure message displayed on the websites indicates that a coordinated international operation involving law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, the Netherlands, and Latvia took place. Ragnar Locker is a long-standing ransomware operation that targeted enterprises by breaching networks, stealing data, and encrypting computers for ransom. The group operated differently from other ransomware gangs, as it did not actively recruit outside affiliates but worked with external testers to breach networks. The group also conducted data theft attacks and used its data leak site for extortion. A new ransomware operation called DarkAngels has recently emerged, which may or may not be connected to Ragnar Locker. Ragnar Locker has been responsible for several significant attacks, including those on Energias de Portugal, Capcom, Campari, and the City of Antwerp.
Key takeaways:
1. The Tor negotiation and data leak sites of the Ragnar Locker ransomware operation were seized in a joint effort by international law enforcement agencies.
2. The seizure message on the websites confirms the involvement of law enforcement agencies from the US, Europe, Germany, France, Italy, Japan, Spain, the Netherlands, and Latvia.
3. Ragnar Locker is a well-established ransomware operation that has been active since the end of 2019.
4. Unlike many other ransomware operations, Ragnar Locker did not recruit external affiliates or actively promote its services.
5. Ragnar Locker focused on breaching corporate networks, spreading laterally, and encrypting computers while also stealing data for extortion purposes.
6. The ransomware gang conducted pure data theft attacks and used their data leak site to pressure victims into paying.
7. A new ransomware operation called DarkAngels was observed utilizing the Ragnar Locker ESXi encryptor, but it is unclear if it is an offshoot or a rebrand.
8. Ragnar Locker has been responsible for significant attacks on various organizations, including Energias de Portugal, Capcom, Campari, Dassault Falcon Jet, ADATA, and the City of Antwerp, Belgium.