Legislation enforcement companies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group’s darkish websites in a joint worldwide operation.
Authorities from France, the Czech Republic, Germany, Italy, Latvia, the Netherlands, Spain, Sweden, Japan, Canada, and the US have been a part of this worldwide operation focusing on the Ragnar Locker ransomware gang.
In Spain, Latvia, and the Czech Republic, police brokers have additionally raided a number of areas believed to be related to different Ragnar Locker suspects.
The Ragnar Locker ransomware gang is believed to have carried out assaults in opposition to 168 worldwide firms globally since 2020.
“In an motion carried out between 16 and 20 October, searches have been performed in three completely different international locations and in complete six suspects have been heard within the Czech Republic, Spain, Latvia and France. Moreover, 9 servers have been taken down; 5 within the Netherlands, two in Germany and two in Sweden,” Europol stated at this time.
“On the finish of the motion week, the principle perpetrator, suspected of being a developer of the Ragnar group, has been introduced in entrance of the inspecting magistrates of the Paris Judicial Courtroom.”
“One of many builders of the malicious software program was detained in France,” the Ukrainian cyberpolice added in a separate assertion.
This joint operation marks the third motion taken in opposition to the identical ransomware gang. In September 2021, coordinated efforts involving French, Ukrainian, and US authorities led to the arrest of two suspects in Ukraine.
Subsequently, in October 2022, one other suspect was apprehended in Canada via a joint operation performed by French, Canadian, and US legislation enforcement companies.
“The case was opened by Eurojust in Could 2021 on the request of the French authorities. 5 coordination conferences have been hosted by the Company to facilitate judicial cooperation between the authorities of the international locations supporting the investigation,” Europol stated.
“Eurojust arrange a coordination centre throughout the motion week to allow fast cooperation between the judicial authorities concerned.”
The joint motion additionally led to cryptocurrency seizures and the ransomware operation’s Tor negotiation and information leak websites being seized on Thursday.
“This service has been seized as a part of a coordinated legislation enforcement motion in opposition to the Ragnar Locker group,” a banner displayed on Ragnar Locker’s information leak website reads.
The Ragnar Locker (also called Ragnar_Locker and RagnarLocker) ransomware operation surfaced in late December 2019 when it began focusing on enterprise victims worldwide.
In distinction to many trendy ransomware gangs, Ragnar Locker didn’t function as a Ransomware-as-a-Service, the place associates are recruited to breach targets’ networks and deploy the ransomware in change for a share of the income.
As an alternative, Ragnar Locker operated semi-private, as they did not actively recruit associates, selecting to collaborate with exterior penetration testers to breach networks.
Ragnar Locker’s checklist of earlier victims contains outstanding entities corresponding to pc chip producer ADATA, aviation big Dassault Falcon, and Japanese recreation maker Capcom.
In line with the FBI, this ransomware has been deployed on the networks of at the very least 52 organizations throughout varied important infrastructure sectors in the US since April 2020.