The Ragnarok (Asnarök) ransomware gang shut down their operation and released a free decryption utility to help victims recover their files is hardcoded with a master decryption key, was released on the gang’s dark web portal.
The decrypter is currently being analyzed before security firms will rewrite a clean and safe-to-use version that will be made publicly available through Europol’s NoMoreRansom portal.
The gang operated by using exploits to breach a target company’s network and perimeter devices, from where it would pivot to internal networks and encrypt crucial servers and workstations.The Ragnarok gang also stole files from victim networks, which it threatened to leak on its dark web portal unless the ransom was paid on time.
The group historically targeted Citrix ADC gateways and was also behind the campaign that exploited a zero-day in the Sophos XG firewalls. While the zero-day exploit worked and allowed the gang to backdoor XG firewalls across the world. Before shutting down the Ragnarok team changed the design of its site, removed most past victims, and later even rebranded as “Daytona by Ragnarok.”
Ragnarok now becomes the third ransomware group that shuts down and releases a way for victims to recover files for free this summer, after the likes of Avaddon in June and SynAck earlier this month.