October 20, 2023 at 12:04PM
Authorities from multiple countries conducted a joint operation to arrest a malware developer associated with the Ragnar Locker ransomware gang. They also seized the group’s dark web sites. The gang is believed to have attacked 168 international companies since 2020. This marks the third action against the gang, with previous arrests made in Ukraine and Canada. The operation also resulted in the seizure of cryptocurrency and the shutdown of the gang’s data leak sites. Ragnar Locker is known for its targeted attacks on enterprise victims.
From the meeting notes, here are the key takeaways:
1. A joint international operation involving law enforcement agencies from multiple countries has arrested a malware developer and seized the dark web sites of the Ragnar Locker ransomware gang.
2. The operation involved authorities from France, the Czech Republic, Germany, Italy, Latvia, the Netherlands, Spain, Sweden, Japan, Canada, and the United States.
3. Police agents in Spain, Latvia, and the Czech Republic have also raided multiple locations believed to be connected to other suspects related to Ragnar Locker.
4. The Ragnar Locker ransomware gang is responsible for numerous attacks against 168 international companies since 2020.
5. During the operation, searches were conducted in three different countries, resulting in six suspects being interrogated. Nine servers were taken down, and the main perpetrator was brought in front of examining magistrates in Paris, France.
6. This marks the third action taken against the Ragnar Locker gang, with previous arrests made in Ukraine and Canada through joint operations involving various law enforcement agencies.
7. The investigation was opened by Eurojust in May 2021 at the request of French authorities, and the agency facilitated coordination between the involved countries’ authorities through coordination meetings and a coordination center.
8. The joint action also led to cryptocurrency seizures and the seizure of the ransomware operation’s Tor negotiation and data leak sites.
9. Ragnar Locker is a ransomware operation that emerged in late December 2019 and targeted enterprise victims worldwide. Unlike other ransomware gangs, they did not recruit affiliates but collaborated with external penetration testers to breach networks.
10. Previous victims of Ragnar Locker include companies like ADATA, Dassault Falcon, and Capcom.
11. According to the FBI, at least 52 organizations in the United States across critical infrastructure sectors have been affected by this ransomware since April 2020.