A joint law enforcement operation involving the U.S. FBI, the European Union Agency for Law Enforcement Cooperation, and various national police forces have seized data leak sites belonging to the Ragnar Locker ransomware gang.
Ragnar Locker’s main dark web leak site now shows a message stating that “this service has been seized as part of a coordinated international law enforcement action against the Ragnar Locker group.
A Europol spokesman confirmed that the seizure is legitimate and part of an ongoing action targeting the gang and that further information will be forthcoming soon. The FBI so far has declined to comment.
Ragnar Locker is a well-known double-tap ransomware gang, so-called because it both encrypts files and steals data, demanding a ransom payment for both a decryption key and a promise not to publish the stolen data.
The gang has used varying methods over the years to target victims, including having previously taken to buying Facebook advertising to put pressure on its victims to pay up.
Victims of Ragnar Locker include Italian drinks maker Davide Campari-Milano S.p.A, French shipping giant CMA CGM S.A. in September 2020 and Japanese video game developer Capcom Co. Ltd.
The FBI states, as of January 2022, it has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors. RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.