1 min read

Ragnarok ransomware gang shuts down, universal decryption key released

Graham CLULEY

August 31, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Ragnarok ransomware gang shuts down, universal decryption key released

The notorious Ragnarok ransomware gang appears to have abruptly closed its operations and entered retirement, releasing a universal decryption key for its past victims.

The Ragnarok group, which has attacked organisations since 2019, made a name for itself by exploiting a vulnerability in unpatched Citrix ADC servers in order to hunt for a firm's Windows PCs that were vulnerable to the EternalBlue exploit.

At-risk devices then had the Ragnarok ransomware installed onto them, encrypting data files and demanding a Bitcoin ransom payment for their recovery.

Notably, the Ragnarok ransomware attempted to determine if a computer was likely to be running inside Russia, Belarus, China, Turkmenistan, Ukraine, Latvia, Kazakhstan, and Azerbaijan - and, if so, refuse to operate.

In all likelihood, Ragnarok was configured to only activate outside these territories in an attempt to avoid investigation of the gang by local law enforcement.

But now Ragnarok's portal on the dark web is offline, and what claims to be a universal decryption key has been released.

According to Bleeping Computer, ransomware experts have confirmed that the decryption key will unscramble victims' data.

The gang, which is believed to have received over $4.5 million in ransom payments over the years, appears to have had a change of heart.

This might be a reflection of concern that computer crime-fighting authorities are showing a greater interest in the ransomware gang's activities, perhaps prompted by growing international pressure for the countries harbouring cybercriminals to do more to disrupt their activities.

With no public explanation offered as to why the Ragnarok gang has chosen to leave the stage, it's hard to be certain of the group's reasoning for its abrupt departure from the cybercrime scene.

Of course, it's possible that the Ragnarok gang hasn't actually had a change of heart at all, and has instead simply chosen to lie low for a few months before possibly emerging with a new name and brand.

Whatever the reason, for now at least, we should be grateful that another ransomware gang appears to have hit the self-destruct button.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices
Alina BÎZGĂ

October 15, 2021

1 min read
Google gives away 10,000 free security keys to high-risk users Google gives away 10,000 free security keys to high-risk users
Graham CLULEY

October 12, 2021

2 min read
Bank of America employee indicted for email scam that targeted businesses Bank of America employee indicted for email scam that targeted businesses
Graham CLULEY

October 12, 2021

2 min read