A global group of regulation enforcement companies have seized the darkish net portal utilized by the infamous RagnarLocker ransomware group, information.killnetswitch has realized.
A message on the RagnarLocker web site now states that, “this service has been seized by part of a coordinated worldwide regulation enforcement motion in opposition to the RagnarLocker group.” In keeping with the seizure discover, the operation concerned regulation enforcement companies from the USA, the European Union and Japan.
The total scale of the operation will not be but recognized, and it’s unclear whether or not the gang’s infrastructure was additionally seized, if any arrests had been made or whether or not any stolen funds have been recovered.
Europol spokesperson Claire Georges confirmed to information.killnetswitch that the company was concerned in “ongoing motion in opposition to this ransomware group.” The spokesperson stated that Europol plans to announce the takedown on Friday “when all of the actions have been finalised.”
An unnamed spokesperson for the Italian State Police additionally stated that particulars of the operation might be revealed Friday. An unnamed FBI spokesperson declined to remark.
information.killnetswitch has additionally contacted regulation enforcement companies in Spain, Latvia, Germany and the Netherlands, however has not but obtained a response.
RagnarLocker is each the identify of a ransomware pressure and the prison group that develops and operates it. The gang, which some security consultants have linked to Russia, has been noticed focusing on victims since 2020, and has predominantly attacked organizations within the essential infrastructure sectors.
In an alert revealed final yr, the FBI warned that it had recognized at the least 52 U.S. entities throughout 10 essential infrastructure sectors, together with manufacturing, power and authorities, that had been affected by RagnarLocker ransomware. On the identical time, the FBI launched indicators of compromise related to RagnarLocker, together with Bitcoin addresses used to gather ransom calls for, and electronic mail addresses utilized by the gang’s operators.
Though the gang has been underneath the watchful eye of regulation enforcement for a while, the RagnarLocker has been focusing on victims as just lately as this month, in response to ransomware tracker Ransomwatch. In September, the gang claimed accountability for an assault on Israel’s Mayanei Hayeshua hospital and threatened to leak greater than a terabyte of information allegedly stolen in the course of the incident.
