Ragnarok Ransomware Operation Shuts Down and Releases Free Decrypter

upnorth

The Ragnarok (or Asnarök) ransomware gang shut down their operation today and released a free decryption utility to help victims recover their files.

The free decrypter, hardcoded with a master decryption key, was released today on the gang’s dark web portal, where the group previously used to publish files from victims who refused to pay. The decrypter, which has been confirmed to work by multiple security researchers, is currently being analyzed before security firms will rewrite a clean and safe-to-use version that will be made publicly available through Europol’s NoMoreRansom portal. Prior to shutting down earlier today, the Ragnarok gang had been active since late 2019 and early 2020.
 

Gandalf_The_Grey

Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files.
A universal decryptor for Ragnarok ransomware is currently in the works. It will soon become available from Emsisoft, a company famed for assisting ransomware victims with data decryption.

The Ragnarok ransomware group has been around since at least January 2020 and claimed dozens of victims after making headlines for exploiting the Citrix ADC vulnerability last year.

Ragnarok is not the only ransomware gang to release a decryption key this year
Researchers also provided decryptors [1, 2, 3], and sometimes the provenance of these tools remained uncertain, as it happened with the Kaseya attack.
 
