Ragnar Locker Ransomware Gang Taken Down

By SCARS Editorial Team – Society of Citizens Against Relationship Scams Inc., portions by EUROPOL
Ragnar Locker Ransomware Gang Taken Down 2023

Ragnar Locker Ransomware Gang Taken Down By Major International Police Operation Against Cybercriminals

Law enforcement and judicial authorities from eleven countries delivered a major blow to one of the most dangerous ransomware operations of recent years.

What is Ragnar Locker Ransomware

Ragnar Locker Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment in order to decrypt them. The ransomware is typically spread through phishing emails or malicious websites. Once a victim’s computer is infected, Ragnar Locker will encrypt all of their files, making them inaccessible. The ransomware will then display a ransom note demanding payment in Bitcoin or another cryptocurrency.

Ragnar Locker Ransomware is a particularly dangerous type of malware because it is able to encrypt a wide variety of file types. This makes it difficult for victims to recover their files without paying the ransom. In addition, Ragnar Locker is known for targeting large organizations, such as businesses and government agencies. This makes it a significant threat to critical infrastructure.

The Ragnar Locker Ransomware Shutdown

The coordinated action at an international level by Europol and Eurojust targeted the Ragnar Locker ransomware group. The group was responsible for numerous high-profile attacks against critical infrastructure across the world.

In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain and Latvia.

The “key target” of this malicious ransomware strain was arrested in Paris, France, on 16 October, and his home in Czechia was searched. Five suspects were interviewed in Spain and Latvia in the following days. At the end of the action week, the main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.

The ransomware’s infrastructure was also seized in the Netherlands, Germany, and Sweden and the associated data leak website on Tor was taken down in Sweden.

This international raid follows a complex investigation led by the French National Gendarmerie, together with law enforcement authorities from the Czechia, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine, and the United States of America.

In the framework of this investigation, a first round of arrests was carried out in Ukraine in October 2021 with Europol’s support.

What kind of Malware is Ragnar Locker?

Active since December 2019, Ragnar Locker is the name of a ransomware strain and of the criminal group that developed and operated it.

This malicious actor made a name for itself by attacking critical infrastructure across the world, having most recently claimed the attacks against the Portuguese national carrier and a hospital in Israel.

This strain of ransomware targeted devices running Microsoft Windows operating systems and would typically exploit exposed services like Remote Desktop Protocol to gain access to the system.

The Ragnar Locker group was known to employ a double extortion tactic, demanding extortionate payments for decryption tools as well as for the non-release of the sensitive data stolen.

The threat level of Ragnar Locker was considered as high, given the group’s inclination to attack critical infrastructure.

Don’t Call the Cops

Ragnar Locker explicitly warned their victims against contacting law enforcement, threatening to publish all the stolen data of victimized organizations seeking help on its dark web ‘Wall of Shame’ leak site.

“All that the FBI/ransomware negotiators/investigators do is muck things up, so we’re going to publish your stuff if you call for help”, the Ragnar Locker ransomware gang announced on its hidden website.

Little did they know that law enforcement was closing in on them.

Back in October 2021, investigators from the French Gendarmerie and the US FBI, together with specialists from Europol and INTERPOL were deployed to Ukraine to conduct investigative measures with the Ukrainian National Police, leading to the arrest of two prominent Ragnar Locker operators.

The investigation continued ever since, leading to the arrests and disruption actions this week. Europol’s European Cybercrime Centre Europol supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy.

Its cybercrime specialists organized 15 coordination meetings and two week-long sprints to prepare for the latest actions, alongside providing analytical, malware, forensic, and crypto-tracing support. A virtual command post was set up this week by Europol to ensure seamless coordination between all the authorities involved.

Eurojust Support:

The case was opened by Eurojust in May 2021 at the request of the French authorities. Five coordination meetings were hosted by the Agency to facilitate judicial cooperation between the authorities of the countries that supported the investigation. Eurojust set up a coordination center during the action week to enable rapid cooperation between the judicial authorities involved.

The Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said:

“This investigation shows that once again international cooperation is the key to taking ransomware groups down. Prevention and security are improving, however ransomware operators continue to innovate and find new victims. Europol will play its role in supporting EU Member States as they target these groups, and each case is helping us improve our modes of investigation and our understanding of these groups. I hope this round of arrests sends a strong message to ransomware operators who think they can continue their attacks without consequence.”

Close cooperation between the involved law enforcement authorities was also supported by Europol’s Joint Cybercrime Action Taskforce (J-CAT), composed of cybercrime liaison officers posted to Europol’s headquarters.

The Following Agencies took part in the Investigation:

  • Czechia: National Counter-Terrorism, Extremism and Cybercrime Agency of Police of the Czech Republic
  • France: National Cybercrime Centre of the French Gendarmerie (Gendarmerie Nationale – C3N)
  • Germany: State Criminal Police Office Sachsen (Landeskriminalamt Sachsen), Federal Criminal Police Office (Bundeskriminalamt)
  • Italy: State Police (Polizia di Stato), Postal and Communication Police (Polizia Postale e delle Comunicazioni)
  • Japan: National Police Agency (NPA)
  • Latvia: State Police (Latvijas Valsts Policija)
  • Netherlands: Police of East Netherlands (Politie Oost-Nederland)
  • Spain: Civil Guard (Guardia Civil)
  • Sweden: Swedish Cybercrime Centre (SC3)
  • Ukraine: Cyberpolice Department of the the National Police of Ukraine (Національна поліція України)
  • United States: Atlanta Field Office of the Federal Bureau of Investigation

The investigation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

SCARS Resources:

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

Opinions

The opinions of the author are not necessarily those of the Society of Citizens Against Relationship Scams Inc. The author is solely responsible for the content of their work. SCARS is protected under the Communications Decency Act (CDA) section 230 from liability.

Disclaimer:

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX-RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use

Legal Notices: 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, SCARS ANGELS, SCARS RANGERS, SCARS MARSHALLS, SCARS PARTNERS, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the legal department for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org