27 August 2021

Ragnarok ransomware gang shuts down operation, releases master decryption key



Operators behind the Ragnarok ransomware appear to have shut down their operation for an unknown reason.

The gang deleted all information about victims from their darknet leak site, replacing it with a short message that links to an archive containing the master decryption key and instructions on how to recover the encrypted files.

According to Bleeping Computer, prior to the shutdown the group’s leak site listed 12 victims, added between July 7 and August 16, with targets located in France, Estonia, Sri Lanka, Turkey, Thailand, the U.S., Malaysia, Hong Kong, Spain, and Italy.

The Ragnarok ransomware operation has been active since at least January 2020 and used exploits to break into a target company’s network and perimeter devices, such as Citrix ADC gateways.

Ragnarok is not the only ransomware operation that shut down this year. In April, operators behind the Avaddon ransomware closed down their operation and released over 2,000 decryption keys for their victims. In July, the notorious Russia-linked REvil ransomware group, believed to be behind a series of ransomware attacks on hundreds of organizations and businesses worldwide, including the US software vendor Kaseya and the world’s largest meat processor JBS, went offline.
