In good news for businesses, another cyber criminal gang notorious for ransomware attacks has shut down. Before shutting down, the Ragnarok gang published its decryptor online, allowing victims to unlock and recover their files.
The decryptor, which is usually supplied after victims are forced to pay a ransom of thousands, came hardcoded with a master decryption key for free. Previously, Ragnarok’s public site was the place where the group would publish data from victims who refused to pay the set ransom.
The news is positive as Ragnarok is now the third ransomware group that has shut down this summer, following Avaddon in June and SynAck in August.
Several researchers have confirmed that the Ragnarok decryptor works as advertised too. It’s currently being analysed, before researchers eventually release a clean version that is safe to use on Europol’s NoMoreRansom portal.
Having been active since late 2019, Ragnarok have been a constant threat to businesses across a range of industries. A signature style of attack from the group was to use exploits to breach a target company’s network and perimeter devices. From there, it would work within the internal network to encrypt an organisation’s servers and workstations.
Ragnarok was of one of a number of ransomware groups that would not just encrypt, but steal files so it could threaten to leak them on its portal to pressure victims to pay demanded ransoms, and then make good on the threat if the threat actors didn’t receive their money by a given deadline.
It is thought that they’ve shuttered operations in part due to mounting pressures and crackdowns from international authorities that already have led some key players to cease their activity. As well as Ragnarok, Avaddon and SyNack, two heavy hitters in the game — REvil and DarkSide – also closed up shop earlier this year.
However, even as some ransomware groups are hanging it up, new threat groups are filling in the gaps left in their wake, as cyber attacks continue to impact upon companies around the world. Two newcomer groups, Haron and BlackMatter, are among those that have emerged recently with intent to use ransomware to target large organisations that can pay hundreds of thousands of pounds in ransoms to fill their pockets.
Indeed, researchers think Ragnarok’s exit from the field isn’t permanent, and that the group will resurface in a new incarnation at some point. Neuways advises businesses to take the positive news with a pinch of salt. While this is genuinely great news, as mentioned, the vacancy will give plenty of pretenders a sense they can take advantage of businesses who may let up, given the news. Ensure your business is carefully carrying out its existing cyber security measures and you will be helping to put off cyber crime gangs from seeing businesses as easy targets and, ultimately, sources of revenue.