October 20, 2023 at 11:24AM
Law enforcement agencies from multiple countries have seized the dark web site used by the RagnarLocker ransomware group to shame victims. Operating since 2020, the group targeted 52 entities across critical infrastructure sectors. Unlike other ransomware operations, RagnarLocker was not advertised as a service but was operated by a private group. The cybergang exfiltrated victims’ data and threatened to release it unless a ransom was paid. The seizure was part of an international law enforcement action involving authorities from France, Germany, Italy, the Netherlands, and others. This follows the shutdown of other dark web sites earlier this year.
Key Takeaways:
– The dark web site used by the RagnarLocker ransomware group to name and shame victims has been seized as a result of a coordinated international effort by law enforcement agencies.
– RagnarLocker has been active since 2020 and has targeted at least 52 entities in 10 critical infrastructure sectors, according to the FBI.
– Unlike other ransomware operations, RagnarLocker was not offered as ransomware-as-a-service, but was instead operated by a private group in cooperation with other cybercriminals as needed.
– The ransomware would gather system information, encrypt files of interest, and exfiltrate victims’ data for extortion purposes.
– The alleged victims of RagnarLocker’s attacks were listed on a Tor-hosted leak site with threats to release the data publicly unless a ransom was paid.
– Authorities from multiple countries, including France, Germany, Italy, Latvia, the Netherlands, Slovakia, Spain, and the US, were involved in this coordinated effort, led by Europol.
– Other nefarious dark web sites, such as the Hive ransomware portal, Genesis Market cybercrime marketplace, and drugs marketplace Piilopuoti, have also been shut down through law enforcement operations this year.