Europol Strike Wounds Ragnar Locker Ransomware Group

Several countries in Europe as well as the United States and Japan were involved in the operation, which is aimed at defanging one of the bigger names in ransomware.

Dark Reading Staff, Dark Reading

October 19, 2023

1 Min Read
Europol headquarters in the Hague
Source: David Waters via Alamy Stock Photo

In an ongoing operation conducted by law enforcement, Ragnar Locker's Tor negotiation and data leak sites were taken down and replaced with a notice stating that the websites had been seized in a "coordinated international law enforcement action."

Europol is involved in taking action against the ransomware group, as well as law enforcement officials from the United States, and Japan. According to a Europol spokesperson, a press release will be announced on Oct. 20 when "all actions have been finalized."

"While on the surface, this feels like a win, ultimately it may be no more than an inconvenience for the Ragnar group if they are able to quickly set up other servers to replace these," stated Erick Kron, security awareness advocate at KnowBe4. "In addition, this could cause problems for people whose organizations have been impacted by a ransomware attack but have now lost a method to negotiate with the bad actors. Unless the websites that were seized contain information or decryption keys for these people, it could significantly delay their ability to recover."

It is still unclear as to whether or not any arrests have been made or if any stolen funds were recovered. 

According to Dragos, the group is known for focusing on the energy sector. In the past, Ragnar Locker has been tied to various attacks, including when it hit the Mayanei Hayeshua Medical Center in Bnei Brak just this past summer, and when it targeted TAP Air Portugal's systems and claimed to have stolen data

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights