Ragnarok is a ransomware gang that has been operating since 2019. It gained fame after attacking unpatched Citrix ADC servers.
Asnarok, also known as the gang, replaced 12 victims on its dark web portal last week with instructions on how to decrypt files. The release of a decryptor was also included. Experts at Emsisoft confirmed that it contained the master decryption keys. Security firm Emsisoft is well-known for helping ransomware victims decrypt their data. They also released a universal encryption key for Ragnarok ransomware.
Ragnarok is most well-known for using Ragnar Locker ransomware in order to attack IT networks. After exploiting the Citrix ADC vulnerability, it was able to search for Windows computers vulnerable to the EternalBlue vulnerability. According to Ransomwhe.re payments tracker, this ransomware has collected more than $4.5 Million in ransom payments.
The cybercriminals stole 10 Terabytes of data from Portuguese energy giant EDP in April 2020 and threatened to release it if they didn't pay a ransom of $10.9million. The gang then stole up to 2TB data including bank statements and employee records from Campari Group's servers. They demanded $15 million ransom.
The ransomware gang that targeted Capcom in November also targeted the Japanese video game giant Capcom. According to reports, the gang stole personal data from 390,000 customers and business partners as well as other external parties from Capcom's systems.
Bleeping Computer first reported the news of the shutdown.
It is not clear why Ragnarok decided to end his career without a formal departure notice. Other ransomware gangs have used a similar strategy to self-destruction in the face increasing pressure from the U.S government. REvil, the gang behind JBS, disappeared mysteriously from the internet and DarkSide (the gang behind Colonial Pipeline incident) also announced that it was retiring.
Other ransomware gangs like SynAck, Ziggy Avaddon and Fonix have also retired from hacking in this year. Each gave up their keys to victims of their attacks.
It remains to be seen if Ragnarok's disappearance is permanent or a temporary rebrand. The infamous DoppelPayment ransomware gang has recently resurfaced as Grief Ransomware, after months of inactivity.
It is only temporary, but it is nice to see another win. Allan Liska, Recorded Futures Computer Security Incident Response Team, tweeted.