Ragnarok Ransomware Operation Shuts Down and Releases Free Decrypter

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,491
46,201
The Ragnarok (or Asnarök) ransomware gang shut down their operation today and released a free decryption utility to help victims recover their files.

The free decrypter, hardcoded with a master decryption key, was released today on the gang’s dark web portal, where the group previously used to publish files from victims who refused to pay. The decrypter, which has been confirmed to work by multiple security researchers, is currently being analyzed before security firms will rewrite a clean and safe-to-use version that will be made publicly available through Europol’s NoMoreRansom portal. Prior to shutting down earlier today, the Ragnarok gang had been active since late 2019 and early 2020.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,234
41,285
Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files.
A universal decryptor for Ragnarok ransomware is currently in the works. It will soon become available from Emsisoft, a company famed for assisting ransomware victims with data decryption.

The Ragnarok ransomware group has been around since at least January 2020 and claimed dozens of victims after making headlines for exploiting the Citrix ADC vulnerability last year.

Ragnarok is not the only ransomware gang to release a decryption key this year
Researchers also provided decryptors [1, 2, 3], and sometimes the provenance of these tools remained uncertain, as it happened with the Kaseya attack.
 
Top