Ragnarok ransomware gang shuts down and releases decryption key

The cybercriminals behind the Ragnarok ransomware have decided to go out of business and have released the master key capable of decrypting files locked with their malware. As BleepingComputer reported, the Ragnarok ransomware gang didn't even leave a note explaining the move. Instead, they replaced all the victims on their leak site with a short set of instructions explaining how to decrypt files using the now publicly available master key.

At the same time, the group's leak site, which was used to shame victims into paying to decrypt their files, has been stripped of all visual elements. The site now has only several text boxes with instructions, as well as a file containing the master key and accompanying binaries.

When ransomware groups go out of business, they typically leave a note explaining their actions or contact a media outlet, as was the case with the GandCrab ransomware group in 2019 and the Maze ransomware group last year. While GandCrab explained why it was shutting down in a post on a popular hacking forum, the operators behind the Maze ransomware personally contacted BleepingComputer to explain their decision.

The victims left

Until recently, the Ragnarok ransomware leak site listed details of 12 victims whose companies are located in France, Estonia, Sri Lanka, Turkey, Thailand, the United States, Malaysia, Hong Kong, Spain and Italy and operate in various sectors, from manufacturing to legal services.

BleepingComputer also spoke with ransomware expert Michael Gillespie, who confirmed that files locked by the Ragnarok ransomware can be decrypted with the master key. Emsisoft, which is also working on a decryption utility for the SynAck ransomware, whose operators shut down earlier this month, is currently developing a universal decryptor for Ragnarok.

The Ragnarok ransomware group has been active in the wild since at least January of last year. The group gained notoriety by exploiting the Citrix ADC vulnerability to encrypt the systems of dozens of victims. We will have to wait and see whether the cybercriminals behind Ragnarok develop a new strain of ransomware or have shut down for good.

Via BleepingComputer