The Ragnarok ransomware gang, which gained notoriety last year for stealing up to 10TB of data from Portuguese energy giant EDP, has reportedly shut shop and has published a decryption key to let all victims recover their data.
The news was first reported by Recorded Future who found that the ransomware gang recently published a master decryption key on the same dark web portal where it previously published stolen data after victims refused to pay a ransom. The decrypter is presently being analysed and refined by security firms who will make it publicly available through Europol’s NoMoreRansom portal.
While it is not clear what made the hackers shut down their business, Ragnarok now joins the likes of infamous ransomware gangs such as REvil, DarkSide, and Ziggy who were forced to shut shop earlier this year following a spate of disruptive ransomware attacks and law enforcement crackdowns.
The Ragnarok ransomware gang is known to use the Ragnar Locker ransomware to gain access to IT networks and encrypt information stored in unprotected servers. Last year, Microsoft named Ragnar Locker among four ransomware strains that were actively used by ransomware gangs to infiltrate corporate systems.
According to the Infosec Institute, the Ragnar Locker ransomware primarily affects devices running Microsoft Windows operating systems and the first infections were discovered in late 2019. The ransomware is deployed after an initial compromise, network reconnaissance, and pre-deployed tasks on the network. Its operators also threaten victims with releasing stolen files if a ransom is not paid.
In April 2020, Ragnarok stole up to 10TB of data belonging to Portuguese energy giant EDP and threatened to leak the stolen data if a ransom of $10.9 million was not paid by the company. The gang also exfiltrated up to 2TB of data, including bank statements, employee records, and celebrity agreements, from the servers of Italian liquor giant Campari Group. Ragnarok reportedly demanded a ransom of $15 million from the liquor giant.
In November, Ragnarok also targeted Capcom, the Japanese video games giant that owns popular gaming titles such as Street Fighter, Resident Evil, and Devil May Cry. The gang reportedly stole the personal data of 390,000 customers, business partners, and other external parties from Capcom’s systems.