Date: 2023-10-23

Europol announced on Friday the dismantling of the hacker group associated with the Ragnar Locker ransomware, along with the arrest of a "key target" in France.

The dismantling of the hacker group that spreads ransomware called Ragnar Locker

“The action was carried out between 16 and 20 October, with searches carried out in the Czech Republic, Spain and Latvia”, the agency declared. “The main culprit, suspected of being a developer of the Ragnar group, was brought before the investigating magistrates of the Judicial Court of Paris”.

It is known that five other accomplices associated with the ransomware gang were brought in for questioning in Spain and Latvia, with the servers and “data leak” portal seized in the Netherlands, Germany and Sweden.

This effort represents the latest coordinated activity involving authorities from the Czech Republic, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the United States; two suspects associated with the ransomware gang were previously arrested in Ukraine in 2021 and a year later, another member was arrested in Canada.

Ragnar Locker, which first emerged in December 2019, is known for a series of attacks targeting various infrastructure entities around the world; according to Eurojust, the group has committed attacks against 168 international companies worldwide since 2020.

“The Ragnar Locker group was known to use a double extortion tactic, demanding exorbitant payments for decryption tools and for non-disclosure of stolen sensitive data”, Europol said.

Ukraine’s “cyber police” (the equivalent of our postal police, so to speak) declared that they had conducted searches at the residence of one of the suspected members in Kiev, seizing laptops, cell phones and electronic media.

The police action coincides with the infiltration and closure, by the Ukrainian Cyber Alliance (UCA), of the leak site managed by the group behind the Trigona ransomware. The UCA eliminated 10 of the servers, but not before extracting the data stored on them; there is evidence to suggest that the authors behind Trigona used Atlassian Confluence for their business.

Just as the dismantling of Hive and Ragnar Locker represents ongoing efforts to address the ransomware threat, so too do bad actors keep working to evolve and relaunch themselves under new names; for example, Hive resurfaced as Hunters International.

All this occurs as the Central Bureau of Investigation of India, based on information shared by Amazon and Microsoft, also said it had carried out searches at 76 locations across 11 states as part of a nationwide operation aimed at dismantling the infrastructure used to facilitate technology-enabled financial crimes, such as tech support scams and cryptocurrency fraud.

The mission, called Operation Chakra-II, led to the seizure of 32 mobile phones, 48 laptops/hard drives, images of two servers, 33 SIM cards and pen drives, as well as the recovery of 15 email accounts.

This also follows the extradition of Sandu Diaconu, a 31-year-old Moldovan national, from the UK to the US to face charges related to his role as an administrator of E-Root Marketplace, a website that offered access to over 350,000 compromised computer credentials worldwide for ransomware attacks, unauthorized transfers and tax fraud.

The website, which went live in January 2015, closed in 2020, and Diaconu was arrested in the UK in May 2021 while trying to flee the country.

“E-Root Marketplace operated on a widely distributed network and took measures to hide the identities of its administrators, buyers and sellers”, the US Department of Justice (DoJ) declared this week regarding the Ragnar Locker group.

In a related case, former U.S. Navy IT manager Marquis Hooper was sentenced to five years and five months in prison for illegally obtaining the personal identifying information of 9,000 American citizens and selling it on the dark web for $160,000 in bitcoin.