A global group of legislation enforcement companies have seized the darkish internet portal utilized by the infamous RagnarLocker ransomware group, TechCrunch has realized.
A message on the RagnarLocker web site now states that, “this service has been seized by part of a coordinated worldwide legislation enforcement motion towards the RagnarLocker group.” In keeping with the seizure discover, the operation concerned legislation enforcement companies from the USA, the European Union, and Japan.
The complete scale of the operation just isn’t but identified, and it’s unclear whether or not the gang’s infrastructure was additionally seized, if any arrests have been made, or whether or not any stolen funds have been recovered.
Europe spokesperson Claire Georges confirmed to TechCrunch that the company was concerned in “ongoing motion towards this ransomware group.” The spokesperson mentioned that Europol plans to announce the takedown on Friday “when all of the actions have been finalised.”
An unnamed spokesperson for the Italian State Police additionally mentioned that particulars of the operation shall be revealed Friday.
TechCrunch has additionally contacted legislation enforcement companies within the U.S., Spain, Latvia, Germany, and the Netherlands, however has not but obtained a response.
RagnarLocker is each the identify of a ransomware pressure and the legal group that develops and operates it. The gang, which some safety consultants have linked to Russia, has been noticed concentrating on victims since 2020, and has predominantly attacked organizations within the crucial infrastructure sectors.
In an alert revealed final yr, the FBI warned that it had recognized a minimum of 52 U.S. entities throughout 10 crucial infrastructure sectors, together with manufacturing, vitality and authorities, that had been affected by RagnarLocker ransomware. On the similar time, the FBI launched indicators of compromise related to RagnarLocker, together with Bitcoin addresses used to gather ransom calls for, and e mail addresses utilized by the gang’s operators.
Though the gang has been underneath the watchful eye of legislation enforcement for a while, the RagnarLocker has been concentrating on victims as just lately as this month, in line with ransomware tracker Ransomwatch. In September, the gang claimed accountability for an assault on Israel’s Mayanei Hayeshua hospital and threatened to leak greater than a terabyte of information allegedly stolen through the incident.
Lorenzo Franceschi-Bicchierai contributed reporting.