Ragnarok Ransomware Gang Closes Shop & Releases Decryptor!

Another cyber-criminal gang notorious for ransomware attacks has shut down, publishing its decryptor online to allow victims to unlock & recover files.

The cyber-criminal group, active since late 2019, has closed its doors & released the key to unlocking victims’ files on its dark web portal.

The Ragnarok gang, also known as Asnarok, closed up this week, publishing the news to their public website, according to a post published Thur. by analyst firm Recorded Future’s The Record, among other sources.

Master Decryption Key

As a parting “gift,” the group also released its decryptor, hardcoded with a master decryption key, for free on the portal. Previously, the site was mainly the place where Ragnarok would publish data from victims who refused to pay ransom.

“Ragnarok now becomes the 3rd ransomware group that shuts down & releases a way for victims to recover files for free this summer, after the likes of Avaddon in June and SynAck earlier this month,” states The Record.

Several security researchers have confirmed that the Ragnarok decryptor works, according to the post. It’s currently being analysed, & researchers will eventually release a clean version, safe to use, on Europol’s NoMoreRansom portal.

Data Thieves

Ragnarok, active since late 2019, was seen in April in an attack on luxury Italian men’s clothing line Boggi Milano. The gang stole 40Gb of data from the fashion house, including human resources & salary details.

Ragnarok’s typical method was to use exploits to breach a target company’s network & perimeter devices. From there it would work from the internal network to encrypt an organisation’s servers & workstations.

Ransomware Groups

Ragnarok was also one of a number of ransomware groups that would not just encrypt but also steal files, so it could threaten to leak them on its portal to pressure victims into paying the demanded ransoms, & then carry out the threat if the threat actors didn’t get their money by a set deadline.

Targeting Citrix ADC gateways was a specialty of the group, which was also behind the campaign that exploited a zero-day in Sophos XG firewalls, states the post.

“While the zero-day exploit worked & allowed the gang to backdoor XG firewalls across the world, Sophos spotted the attack in time to prevent the group from deploying its file-encrypting payload,” explains The Record.

Ransomware Gangs Dropping

The gang is the latest ransomware group to shutter operations, due in part to mounting pressures & crackdowns from international authorities that already have led some key players to cease their activity.

In addition to Avaddon & SynAck, 2 big players, REvil & DarkSide, also closed up shop recently.

Pressure

Other ransomware groups are feeling pressure in other ways.

An apparently angry affiliate of the Conti Gang recently leaked the play-book of the ransomware group after alleging that the notorious cyber-criminal organisation underpaid him for doing its work.

However, even as some ransomware groups are giving up, new threat groups that may or may not have evolved from the previous ranks of these organisations are coming in to fill the gaps.

New Incarnation

Haron & BlackMatter are among those that have emerged recently with the intent to fill their pockets by using ransomware against large organisations that can pay million-dollar ransoms.

Some think Ragnarok’s exit from the field also isn’t permanent, & that the group will resurface in a new incarnation at some point.

“Even though I am sure is only temporary, it is nice to see another win,” tweeted Allan Liska, from Recorded Future’s Computer Security Incident Response Team, of the group’s shutdown.
