Authorities have seized their website, hopefully reducing the ability to spread chaos among victims.
Where once there was information about the encryptor and its victims, there is now a message that reads: “This service has been seized as part of a coordinated international law enforcement action against the RagnarLocker group.”
The statement also claims that law enforcement companies from the US, EU and Japan collaborated on the operation.
No arrest announcements yet
When police engage in operations like these, they typically target both the people and the infrastructure. That includes servers, endpoints, and administrators/operators. In this case, we not only know that the website has been seized, but we also don’t know if any servers have been taken offline or if any arrests have been made. Ransomware operations also make it possible for law enforcement agencies to obtain private keys for cryptocurrency wallets, as ransom payments are usually made using this emerging technology.
In a statement to TechCrunch, Europol spokesperson Claire Georges said the agency was involved in “continued action against this ransomware group,” without going into further detail. The FBI spokesman declined to comment, it added.
RagnarLocker was first spotted in 2020. Some researchers link it to Russia and claim that it mainly targets organizations in the critical infrastructure sector. States and law enforcement organizations are particularly sensitive to critical infrastructure organizations and actively pursue hacking groups that target them. For example, in 2021, the FBI seized millions of dollars given to DarkSide, the hackers behind the Colonial Pipeline attack.
RagnarLocker, the FBI warns, targeted at least 52 entities in the US last year.
Through TechCrunch