DailyPost 2586

Ransomware rules the roost in the world of cyber security, and ransomware gangs can wreak havoc at will, anywhere on the face of this earth. Their potent attacks have brought the strongest of governments and enterprises to their knees. It is also very uncommon for an investigative agency to crack down on them with tangible results, results that are debilitating to their operations. One such ransomware gang that has been calling the shots for quite some time is Ragnar Locker. It emerged in December 2019. The gang targets corporate networks, and its normal modus operandi is multi-extortion.

Multi-extortion seems to have become the grand ransomware business model. To the payment demanded for the decryption tool(s), an additional payment has been added: one for non-release of the stolen data. Ragnar Locker does not tolerate any use of “negotiation” or “recovery” companies during negotiations. The group has also used ransomware payloads from other malicious developers, while keeping its own malware up to date. It targets organizations across a variety of industries: healthcare, government, technology, finance, education, media and more. Delivery is typically via Cobalt Strike or similar post-exploitation frameworks. Initial access is often gained by brute-forcing exposed RDP services, or through purchased credential sets.
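The initial-access pattern described above, brute-forcing an exposed RDP service until a credential works, leaves a trail on the victim's own Windows Security log: a burst of failed logons (Event ID 4625) with LogonType 10 (RemoteInteractive, i.e. RDP) from one source address, sometimes followed by a success (Event ID 4624). The following is an added example of detection logic for that pattern; it is not part of the post and not code from Ragnar Locker, Europol or any vendor. It assumes events have already been parsed into dicts with the fields shown, the window and threshold values are hypothetical tuning choices, and the sample events are constructed for illustration.

```python
"""Flag RDP brute-force / password-spray activity in Windows Security events.

Added example, not from the original post. Assumptions: events are dicts
with keys time (ISO 8601), event_id (4625 = failed logon, 4624 = success),
logon_type (10 = RemoteInteractive/RDP), user and src_ip. Thresholds are
hypothetical; tune them to the environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def _event(t, event_id, logon_type, user, src_ip):
    return {"time": t, "event_id": event_id, "logon_type": logon_type,
            "user": user, "src_ip": src_ip}


def _ts(base, seconds):
    return (base + timedelta(seconds=seconds)).isoformat()


_BASE = datetime(2023, 10, 16, 2, 0, 0)

# Constructed sample log: not real telemetry.
SAMPLE_EVENTS = (
    # 12 RDP failures in under four minutes from one address, cycling
    # through three accounts (a spray, not a single-account guess)...
    [_event(_ts(_BASE, 20 * i), FAILED_LOGON, RDP_LOGON_TYPE,
            ["administrator", "admin", "backup"][i % 3], "203.0.113.5")
     for i in range(12)]
    # ...followed by a successful RDP logon as the last sprayed account.
    + [_event(_ts(_BASE, 300), SUCCESSFUL_LOGON, RDP_LOGON_TYPE,
              "backup", "203.0.113.5")]
    # Two mistyped passwords from a legitimate user: below threshold.
    + [_event(_ts(_BASE, 3600 + 30 * i), FAILED_LOGON, RDP_LOGON_TYPE,
              "jsmith", "198.51.100.7") for i in range(2)]
    # Console failures (logon type 2) are not RDP and are ignored here.
    + [_event(_ts(_BASE, 60 * i), FAILED_LOGON, 2, "svc", "10.0.0.8")
       for i in range(15)]
)


def detect_rdp_bruteforce(events, window=timedelta(minutes=5), threshold=10):
    """Return one finding per source IP whose RDP failures within any
    sliding `window` reach `threshold`. Each finding records the peak
    failure count, the distinct accounts tried in that window, and
    whether a successful RDP logon from the same IP followed it."""
    rdp = sorted((e for e in events if e["logon_type"] == RDP_LOGON_TYPE),
                 key=lambda e: datetime.fromisoformat(e["time"]))
    by_ip = defaultdict(list)
    for e in rdp:
        by_ip[e["src_ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["event_id"] == FAILED_LOGON]
        times = [datetime.fromisoformat(e["time"]) for e in failures]
        best, best_users, window_end, i = 0, set(), None, 0
        # Two-pointer sliding window over the time-sorted failures.
        for j in range(len(failures)):
            while times[j] - times[i] > window:
                i += 1
            if j - i + 1 > best:
                best = j - i + 1
                best_users = {f["user"] for f in failures[i:j + 1]}
                window_end = times[j]
        if best < threshold or window_end is None:
            continue
        # A success after the burst is the signal that the spray worked.
        success_after = any(
            e["event_id"] == SUCCESSFUL_LOGON
            and datetime.fromisoformat(e["time"]) >= window_end
            for e in evs)
        findings.append({
            "src_ip": ip,
            "failures": best,
            "distinct_users": sorted(best_users),
            "followed_by_success": success_after,
            "severity": "high" if success_after else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

The "followed by success" check is what separates noise from an incident: a burst of 4625s alone is a probe, a 4625 burst ending in a 4624 from the same address is a foothold, and that host is where the Cobalt Strike beacon described above would land next. Event IDs 4625/4624 and LogonType 10 are standard Windows Security log values; the field layout, thresholds and sample data here are the example's own assumptions.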

Since the days of the FBI's effective crackdown on Silk Road and its closure around a decade back, there have not been many very successful investigative ventures in this field. In this context, Europol's recent dismantling of the Ragnar Locker ransomware infrastructure and the nabbing of its key developer is praiseworthy. The action was carried out between Oct 16 and 20, and searches were conducted in Czechia, Spain and Latvia. “The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.”

The most fascinating part was that international investigative collaboration, generally found wanting, was in full display and operation. The latest coordinated exercise involved the authorities of Czechia, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the US. Two suspects from the same gang were previously arrested in Ukraine in 2021. A year later, another member was apprehended in Canada. This kind of collaborative, integrated investigation is like a breath of fresh air in a world totally broken into silos based on nation states, both in cyber security initiatives and in cyber crime investigation. Not much in these areas can be handled in silos or by a single nation state.

Sanjay Sahay

Have a nice evening.
