Police Dismantle Ragnar Locker Ransomware Group

Global law enforcers have claimed another victory in the ongoing fight against ransomware, after seizing infrastructure and arresting a suspected key member of the Ragnar Locker group.

Between October 16 and 20, police conducted searches in Czechia, Spain and Latvia, including at the home of their “key target” – a suspected developer for the group.

That individual was arrested in the French capital last Monday and has already been brought before the examining magistrates of the Paris Judicial Court. Five other suspects were interviewed by officers in Spain and Latvia.

Ragnar Locker infrastructure was seized in the Netherlands, Germany and Sweden, and the group’s data leak website on Tor was taken down in Sweden, Europol revealed.

The latest swoop by police follows years of investigative work by the French National Gendarmerie and authorities from Czechia, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the US.

This included a first round of arrests in Ukraine in 2021 that also resulted in the seizure of luxury vehicles, cash and cryptocurrency worth over $1m.

Active since 2019, Ragnar Locker employed a classic double extortion technique – stealing data before encrypting it and then posting to a leak site if the victim organization didn’t pay up in time.

Critical infrastructure was a popular target for the group and its affiliates, with the latest victims including a Portuguese airline and an Israeli hospital, Europol claimed.

The head of Europol’s European Cybercrime Centre (EC3), Edvardas Šileris, argued that the investigation proves the value of international cooperation in taking ransomware groups down.

“Prevention and security are improving, however ransomware operators continue to innovate and find new victims,” he added.

“Europol will play its role in supporting EU member states as they target these groups, and each case is helping us improve our modes of investigation and our understanding of these groups. I hope this round of arrests sends a strong message to ransomware operators who think they can continue their attacks without consequence.”
