upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,590
The Ragnarok (or Asnarök) ransomware gang shut down their operation today and released a free decryption utility to help victims recover their files.

The free decrypter, hardcoded with a master decryption key, was released today on the gang’s dark web portal, where the group previously used to publish files from victims who refused to pay. The decrypter, which has been confirmed to work by multiple security researchers, is currently being analyzed before security firms will rewrite a clean and safe-to-use version that will be made publicly available through Europol’s NoMoreRansom portal. Prior to shutting down earlier today, the Ragnarok gang had been active since late 2019 and early 2020.
 

Gandalf_The_Grey

Level 55
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,449
Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files.
A universal decryptor for Ragnarok ransomware is currently in the works. It will soon become available from Emsisoft, a company famed for assisting ransomware victims with data decryption.

The Ragnarok ransomware group has been around since at least January 2020 and claimed dozens of victims after making headlines for exploiting the Citrix ADC vulnerability last year.

Ragnarok is not the only ransomware gang to release a decryption key this year
Researchers also provided decryptors [1, 2, 3], and sometimes the provenance of these tools remained uncertain, as it happened with the Kaseya attack.
 

Gandalf_The_Grey

Level 55
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,449
Top