



After launching an attack on an unpatched Citrix ADC server, the infamous ransomware gang Ragnarok, which has been in operation since 2019, has shut down and released a free decryption key for victims.

The gang, sometimes referred to as Asnarok, last week replaced all 12 victims listed on its dark web portal with a brief description of how to decrypt files. This was accompanied by the release of a decryption tool that Emsisoft experts have verified to include the master decryption key. The security company, known for helping victims of ransomware decrypt data, has also released a universal decryption tool for Ragnarok ransomware.

Ragnarok is best known for targeting IT networks with RagnarLocker ransomware. According to Ransomwhe, a repayment tracker, the gang claimed to have exploited a Citrix ADC vulnerability to search for Windows computers vulnerable to the EternalBlue vulnerability, resulting in dozens of victims.

In April 2020, cybercriminals stole 10 terabytes of data from Portuguese energy giant EDP and threatened to leak the data if the $10.9 million ransom was not paid. The gang also stole up to 2TB of data from the servers of Italian liquor giant Campari Group, such as bank statements, employee records, and celebrity contracts, and demanded $15 million in ransom.

And in November, the short-lived ransomware gang also targeted Capcom, the Japanese video game giant behind titles such as Street Fighter, Resident Evil, and Devil May Cry. The gang reportedly stole the personal data of 390,000 customers, business partners and other outside parties from Capcom’s system.

The shutdown news was first reported by Bleeping Computer.

It is not clear why Ragnarok decided to shut down, because there is no official departure note. However, other ransomware gangs have adopted similar self-destructive tactics in the face of increasing pressure from the US government, which branded ransomware as a national security threat earlier this year. REvil, the gang behind the JBS attack, has mysteriously disappeared from the Internet, and DarkSide, the gang behind the Colonial Pipeline incident, has also announced that it will retire.

Other ransomware gangs such as Ziggy, Avaddon, SynAck, and Fonix have also retired from hacking this year, releasing their keys to help victims recover from the attack.

Of course, it’s still unclear whether Ragnarok’s disappearance is permanent or just a rebranding. The infamous DoppelPaymer ransomware gang has recently reappeared as Grief ransomware after months of inactivity.

Allan Liska of Recorded Future’s computer security incident response team said he is sure it is temporary, but is happy to see another win.

