October 20, 2023 at 12:11PM
Law enforcement agencies from multiple countries have arrested a malware developer associated with the Ragnar Locker ransomware gang. The joint international operation resulted in the seizure of the group’s dark web sites. The Ragnar Locker gang has targeted 168 international companies since 2020. This is the third action taken against the gang, following previous arrests in Ukraine and Canada. The operation led to cryptocurrency seizures and the shutdown of the gang’s negotiation and data leak sites. Previous victims of the Ragnar Locker gang include ADATA, Dassault Falcon, and Capcom. The ransomware has affected at least 52 organizations in the US.
Key takeaways from the meeting notes:
1. An international operation involving multiple law enforcement agencies has resulted in the arrest of a malware developer associated with the Ragnar Locker ransomware gang.
2. The operation targeted the Ragnar Locker gang’s dark web sites and involved authorities from France, the Czech Republic, Germany, Italy, Latvia, the Netherlands, Spain, Sweden, Japan, Canada, and the United States.
3. Police agents in Spain, Latvia, and the Czech Republic have conducted raids on multiple locations believed to be linked to other Ragnar Locker suspects.
4. The Ragnar Locker gang is responsible for carrying out attacks against 168 international companies since 2020.
5. As part of the operation, searches were conducted in three different countries and six suspects were questioned in the Czech Republic, Spain, Latvia, and France. Nine servers were also taken down.
6. The main perpetrator, suspected to be a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.
7. One of the developers of the malicious software was detained in France, as confirmed by the Ukrainian cyberpolice.
8. This joint operation marks the third action taken against the Ragnar Locker gang, following previous arrests in Ukraine and Canada.
9. Eurojust facilitated judicial cooperation between the supporting countries involved in the investigation.
10. Cryptocurrency seizures were made, and the Ragnar Locker group’s Tor negotiation and data leak sites were seized during the operation.
11. Ragnar Locker operated differently from other ransomware gangs, collaborating with external penetration testers instead of recruiting affiliates.
12. Past victims of Ragnar Locker include ADATA, Dassault Falcon, and Capcom.
13. The FBI has identified 52 organizations in the United States that have been affected by this ransomware since April 2020.