Ragnar Locker Ransomware Boss Arrested in Paris

Law enforcement agencies have arrested the suspected developer of the Ragnar Locker ransomware group, tracking the person down in Paris.

The arrest is part of a coordinated policing effort from 11 separate countries. Agents swarmed on operators of the prolific group, seizing its cybercrime infrastructure.

Europol released some details of the takedown on Oct. 20 after Ragnar Locker's Tor data-leak site was replaced with a vague notice of a "coordinated international law enforcement action" just days earlier; now, more details are forthcoming.

The person arrested is identified by Europol as the "main perpetrator suspected of being a developer of the Ragnar group." Five additional suspects were interviewed in Spain and Latvia, the statement added.

Ragnar Locker ransomware group has been active since 2019, targeting infrastructure including the energy sector, hospitals, airports, and more.

The group often used double extortion tactics, mounting pressure on victims to pay ransoms, Europol pointed out in its announcement, which added "The threat level of Ragnar Locker was considered as high, given the group’s inclination to attack critical infrastructure."

The following countries cooperated in the operation: Czech Republic, France, Germany, Italy, Japan, Latvia, Netherlands, Spain, Sweden, Ukraine, and the United States, Europol said.