Ragnarok Gang shuts down activities and releases its decryption key

The gang specializing in digital hijackings (ransomware) Ragnarok followed in the footsteps of groups like REvil and decided to cease their activities. With that, those involved publicly released the download of the decryption tool needed to unlock all systems affected by their attacks.

As with other gangs, the announcement of the end of Ragnarok’s activities was brought about by changes to the website where it reported its actions and demanded the payment of ransoms. As the Bleeping Computer points out, those involved seem to have “hurriedly left” the criminal world and only prepared a page with minimal information.

The group’s most recent activities took place between the 7th of July and the 16th of August, when 12 victims were publicly reported. By emulating the behavior of other gangs, cybercriminals displayed the identities of their targets as a way to pressure them into paying ransoms to prevent sensitive information from being disclosed or sold.

Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!

Image: Playback/Bleeping Computer

Also known as Arnarok, the gang began operations in 2019 and claimed victims in countries such as France, Estonia, Sri Lanka, Turkey, Thailand, the United States, Spain and Italy. Digital hijackings were done by exploiting the security holes of companies and devices used in their perimeters—once they entered a system, attackers would spread inside and encrypt servers and workstations.

gang can come back under another name

Before ending its activities, Ragnarok changed the visual part of its website and started to identify itself with the brand “Daytona by Ragnarok”. Security experts are analyzing the decryption key released by the gang and have already confirmed that it actually manages to unlock the affected systems. The expectation is that a secure version of the software will be released soon on the NoMoreRansom portal, maintained by Europol.

The sudden termination of gang activities does not necessarily mean that its members have given up on cybercrime. As with other groups, the action may only be a way of eluding investigations and erasing traces and there is great possibility that Ragnarok will return to operation in the future using new identities and tools.

Source: The Record, Bleeping Computer

Did you like this article?

Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

Related Articles

Back to top button