Sept 1—The Ragnarok ransomware gang, which began operations in 2019, formally announced its decision to wind down operations. Last week, Ragnarok provided all 12 of the victims listed on its dark web platform with instructions regarding file decryption. The group also offered victims a decryptor that includes a master decryption key.
Ragnarok’s claims to fame
The Ragnarok group gained notoriety due to its Ragnar Locker ransomware, which was commonly deployed on targeted IT networks. To date, the group garnered more than $4.5 million in ransom payments.
In 2020, the Ragnarok hackers thieved 10 terabytes of sensitive data owned by major energy firm. The cyber criminals stated that the data would be made public in the absence of a $10.9 million payment. Shortly thereafter, the gang recycled this strategy when attacking an Italian liquor giant.
The group negated to mention the reason behind their shut down. This ‘self-destruction’ approach appears to be gaining momentum, as international agencies and nation-state governments pressure hackers to end activities. See Cyber Talk’s coverage of the mysterious REvil disappearance.
However, experts also point out that cyber criminals, and ransomware gangs in particular, do not necessarily disappear in entirety. An increasingly common approach is for cyber criminal gangs to ‘fake their own deaths’ and to then rebrand activities under another moniker.
For more information about this approach, see Cyber Talk’s interview with workforce security expert, Brian Linder. Lastly, sign up for our newsletter here.