Ragnar Locker ransomware creator arrested in Paris last week


Camille Coirault

October 25, 2023 at 12:13 p.m.


A big dragnet which marks the end of an international operation © Kindel Media / Pexels

It was in Paris that the mastermind of the terrible Ragnar-Locker ransomware was caught by the authorities. Its victims number in the thousands across the world.

Almost three years ago, the LDLC group paid the price for Ragnar Locker. 29.5 GB of company data had been put up for sale on the Dark Web. The group of hackers behind this ransomware had been identified since 2019 by the FBI, but never apprehended since. The main suspect was finally arrested on French territory on October 16, after a meticulously conducted international operation.

It is estimated that the group has attacked 168 companies internationally since 2020, so the gang members are very far from being casual hackers. All that remains is to hope that the procedure follows its course, unlike the BX affair, where the suspect was able to escape his sentence.

A large-scale coordinated operation

After his arrest on October 16 in the French capital, the suspect’s home, located in the Czech Republic, was also searched. Europol said five more individuals were questioned in the following days, in Latvia and Spain. The Ukrainian police also had work to do, since equipment including telephones and laptops was seized in Kyiv.

This gigantic dragnet is the result of close cooperation between several countries. In May 2021, the French authorities asked the Eurojust agency (European Union Judicial Cooperation Unit) to open an investigation. From that moment on, five coordination meetings were organized to defeat the hacker group. Many countries were involved: Italy, Spain, Czech Republic, Sweden, Canada, Japan, Germany, Netherlands, France, United States and Latvia. This international cooperation demonstrates the scale of the matter.

Example of an entry banner from a site associated with Ragnar Locker ransomware © Bleeping Computer

The Ragnar-Locker Bane

This ransomware has been active since December 2019 and has literally swept across the entire planet. Traditionally, this type of malware operates on a so-called “Ransomware-as-a-Service” model. That is to say, the main developers of the software recruit other cybercriminals into their ranks. These “employees” reinforce the teams, infiltrate the networks and receive a share of the revenue. The way Ragnar-Locker worked was completely different, since the team behind it was much more selective and went directly to seek out experts in cybersecurity and intrusion. This more professional method allowed more effective targeting of the victims' systems.

Among the victims of Ragnar-Locker we can cite big names like Capcom, Dassault Falcon, or ADATA, a Taiwanese manufacturer of computer components. An FBI report from March 2022 estimates that 52 American companies have been affected by the ransomware since April 2020. So this is certainly the end of the run for the hacker group; a career which, however, lasted a little longer than that of the pirate Edward Teach, better known as Blackbeard.

Source: Bleeping Computer


