[TheRecord] Ragnarok ransomware operation shuts down and releases free decrypter

The Ragnarok (or Asnarök) ransomware gang shut down their operation today and released a free decryption utility to help victims recover their files.

The free decrypter, hardcoded with a master decryption key, was released today on the gang’s dark web portal, where the group previously published files from victims who refused to pay.

Image: The Record

The decrypter, which multiple security researchers have confirmed to work, is currently being analyzed. Security firms will then rewrite it as a clean and safe-to-use version that will be made publicly available through Europol’s NoMoreRansom portal.

Prior to shutting down earlier today, the Ragnarok gang had been active since late 2019 and early 2020.

The gang operated by using exploits to breach a target company’s network and perimeter devices, from where it would pivot to internal networks and encrypt crucial servers and workstations.

To improve its chances of getting paid, the Ragnarok gang also stole files from victim networks, which it threatened to leak on its dark web portal unless the ransom was paid on time.

The group historically targeted Citrix ADC gateways and was also behind the campaign that exploited a zero-day in the Sophos XG firewalls. While the zero-day exploit worked and allowed the gang to backdoor XG firewalls across the world, Sophos spotted the attack in time to prevent the group from deploying its file-encrypting payload.

A month before shutting down today, the Ragnarok team changed the design of its site, removed most past victims, and later even rebranded as “Daytona by Ragnarok.”

New leak site for Ragnarok ransomware pic.twitter.com/ZvbXt7LPpm

— Catalin Cimpanu (@campuscodi) July 28, 2021

Ragnarok is now the third ransomware group this summer to shut down and release a way for victims to recover their files for free, after Avaddon in June and SynAck earlier this month.

The post Ragnarok ransomware operation shuts down and releases free decrypter appeared first on The Record by Recorded Future.
