October 21, 2023 at 10:21AM
Europol has successfully taken down the infrastructure associated with the Ragnar Locker ransomware and arrested a key suspect in France. Searches were conducted in Czechia, Spain, and Latvia, resulting in the arrest of the main perpetrator. Five other accomplices were interviewed, and servers and data leak portals were seized in the Netherlands, Germany, and Sweden. The operation involved authorities from multiple countries. Ragnar Locker is known for its attacks on critical infrastructure, using a double extortion tactic. The dismantling of ransomware groups like Ragnar Locker and Hive is ongoing, but threat actors continue to evolve and rebrand under new names.
Key takeaways from the meeting notes:
1. Europol conducted a successful operation to take down the infrastructure associated with the Ragnar Locker ransomware. A key target was arrested in France, and several accomplices were interviewed in Spain and Latvia. Servers and the data leak portal were seized in the Netherlands, Germany, and Sweden.
2. The operation involved collaboration between authorities from multiple countries, including Czechia, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine, and the U.S. Previous arrests related to the Ragnar Locker ransomware were made in Ukraine and Canada.
3. The Ragnar Locker ransomware group has been known for targeting critical infrastructure entities worldwide. They used a double extortion tactic, demanding payments for decryption tools and for not releasing stolen sensitive data.
4. Ukraine’s Cyber Police conducted raids in Kyiv, seizing laptops, mobile phones, and electronic media belonging to suspected members of the Ragnar Locker group.
5. The Ukrainian Cyber Alliance (UCA) also took action against the Trigona ransomware group, shutting down their leak site and seizing 10 servers. The Trigona actors were found to use Atlassian Confluence for their activities.
6. The dismantling of ransomware groups like Hive and Ragnar Locker is an ongoing effort, but threat actors continue to evolve and rebrand under new names.
7. India’s Central Bureau of Investigation conducted a nationwide crackdown on infrastructure facilitating cyber-enabled financial crimes. Multiple locations were raided, resulting in the seizure of mobile phones, laptops, servers, SIM cards, and other devices.
8. Sandu Diaconu, the administrator of E-Root Marketplace, was extradited from the UK to the US to face charges related to offering compromised computer credentials for ransomware attacks. His website operated between 2015 and 2020.
9. Marquis Hooper, a former U.S. Navy IT manager, was sentenced to prison for illegally obtaining and selling personally identifiable information (PII) of U.S. citizens on the dark web.