icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
21 Oct, 2023 21:03

Europol busts major ransomware gang

The Ragnar Locker group has been brought down in an international operation and its suspected leader arrested
Europol busts major ransomware gang

Europol has announced the dismantling of Ragnar Locker, a multinational crime group described as “one of the most dangerous ransomware operations” of recent years.

In a statement made on Friday, Europol said the group was taken down during a major operation by police and judicial authorities from eleven countries. 

“This international sweep follows a complex investigation led by the French National Gendarmerie, together with law enforcement authorities from the Czechia, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the United States of America,” Europol said in a statement, adding that the first round of arrests under the case were made in Ukraine in late 2021. 

The final stage of the months-long operation was carried out over October 16-20 with multiple searches conducted in Latvia, Spain, and the Czech Republic. The suspected leader of the group was arrested in France on October 16 and his home in the Czech Republic searched at the same time. Five other suspects were brought in for questioning in Spain and Latvia shortly thereafter, Europol revealed. 

Law enforcement seized servers and other infrastructure used by the group in the Netherlands, Germany, and Sweden, taking offline Ragnar Locker’s leak site, which is located on the dark web. 

The group had been active since December 2019, preying on remote access and administration software to attack various companies and institutions and holding them ransom. The group explicitly warned its victims not to contact any authorities, leaking stolen data on the dark web should they approach law enforcement instead of paying the ransom. Other part of the extortion tactic by the group involved demanding money from its victims for decrypting tools.

The most notable attacks carried out by the group involved hitting TAP Air Portugal, the country’s flagship carrier in late 2022, as well as a major Israeli clinic, the Mayanei Hayeshua hospital, in September of this year.

Podcasts
0:00
28:21
0:00
25:26