Operators behind the Ragnarok ransomware appear to have shut down their operation for an unknown reason.
The gang deleted all information about victims from their darknet leak site, replacing it with a short message, containing a link to an archive containing the master decryption key and an instruction on how to recover the encrypted files.
According to Bleeping Computer, prior to shutting down the group’s leak site listed 12 victims, added between July 7 and August 16, with targets located in France, Estonia, Sri Lanka, Turkey, Thailand, U.S., Malaysia, Hong Kong, Spain, and Italy.
The Ragnarok ransomware operation has been active since at least January 2020 and used exploits to break into a target company’s network and perimeter devices, such as Citrix ADC gateways.
Rangnarok is not the only ransomware operation that shut down this year. In April, operators behind the Avaddon ransomware closed down their operation and released over 2,000 decryption keys for their victims. In July, the notorious Russia-linked REvil ransomware group believed to be behind a series of ransomware attacks on hundreds of organizations and businesses worldwide, including the US software vendor Kaseya, and the world’s largest meat processor JBS, went offline.