1 min read

Ragnarok ransomware gang shuts down, universal decryption key released

Graham CLULEY

August 31, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Ragnarok ransomware gang shuts down, universal decryption key released

The notorious Ragnarok ransomware gang appears to have abruptly closed its operations and entered retirement, releasing a universal decryption key for its past victims.

The Ragnarok group, which has attacked organisations since 2019, made a name for itself by exploiting a vulnerability in unpatched Citrix ADC servers in order to hunt for a firm's Windows PCs that were vulnerable to the EternalBlue exploit.

At-risk devices then had the Ragnarok ransomware installed onto them, encrypting data files and demanding a Bitcoin ransom payment for their recovery.

Notably, the Ragnarok ransomware attempted to determine if a computer was likely to be running inside Russia, Belarus, China, Turkmenistan, Ukraine, Latvia, Kazakhstan, and Azerbaijan - and, if so, refuse to operate.

In all likelihood, Ragnarok was configured to only activate outside these territories in an attempt to avoid investigation of the gang by local law enforcement.

But now Ragnarok's portal on the dark web is offline, and what claims to be a universal decryption key has been released.

According to Bleeping Computer, ransomware experts have confirmed that the decryption key will unscramble victims' data.

The gang, which is believed to have received over $4.5 million in ransom payments over the years, appears to have had a change of heart.

This might be a reflection of concern that computer crime-fighting authorities are showing a greater interest in the ransomware gang's activities, perhaps prompted by growing international pressure for the countries harbouring cybercriminals to do more to disrupt their activities.

With no public explanation offered as to why the Ragnarok gang has chosen to leave the stage, it's hard to be certain of the group's reasoning for its abrupt departure from the cybercrime scene.

Of course, it's possible that the Ragnarok gang hasn't actually had a change of heart at all, and has instead simply chosen to lie low for a few months before possibly emerging with a new name and brand.

Whatever the reason, for now at least, we should be grateful that another ransomware gang appears to have hit the self-destruct button.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Greenland hit by cyber attack, finds its health service crippled Greenland hit by cyber attack, finds its health service crippled
Graham CLULEY

May 20, 2022

1 min read
Nikkei Singapore HQ Hit with Ransomware Nikkei Singapore HQ Hit with Ransomware
Filip TRUȚĂ

May 20, 2022

1 min read
QNAP Warns Customers of New Wave of Deadbolt Ransomware Attacks QNAP Warns Customers of New Wave of Deadbolt Ransomware Attacks
Vlad CONSTANTINESCU
1 min read