Ragnarok ransomware gang shuts down its operations

The Ragnarok ransomware gang that was operational since 2019 has shut down their operations and have released the decryption key for the victims. The gang gained popularity after they attacked Citrix ADC servers that were unpatched.

Ragnarok, sometimes known as Ragnar Locker or Asnarok replaced 12 of the victims listed on its dark web portal last week with a decryption key and short instruction. Emsisoft experts studied the decryptor release and have confirmed that it has a master decryption key.

The gang targets IT networks and have exploited a Citrix ADC vulnerability to search the computers for the EternalBlue vulnerability. The attack racked up more than $4.5 million in ransom payments.

In April 2020, the gang hacked Portuguese energy giant EDP and stole data worth 10 terabytes. They end up asking for a ransom of $10.9 million and exfiltrate 2TB of data such as employee records, bank statements, and celebrity agreements.

Capcom is also targeted by the gang that have the personal data of 390,000 customers, external parties, and business partners.

This year, many other ransomware gangs have retired including SynAck, Ziggy Avaddon, and Fonix that also gave up the encryption key to help victims.