The notorious RagnarLocker ransomware group’s dark web portal has been captured by a coalition of international law enforcement agencies. Currently, the site displays a message indicating that it has been taken down due to a combined effort by agencies from the U.S., the European Union, and Japan.
The full extent of this operation remains undisclosed, including whether the group’s infrastructure has been compromised, if any arrests have occurred, or if any stolen assets have been reclaimed.
Europol’s Claire Georges verified the agency’s involvement in this action against RagnarLocker, noting that a more detailed announcement will be made on Friday once all actions are concluded. Similarly, the Italian State Police are set to release information about the operation on the same day. The FBI, however, chose not to comment.
RagnarLocker, both a ransomware variant and the criminal group behind it, has been active since 2020, primarily targeting essential infrastructure sectors. Security experts have sometimes linked this group to Russia. In a warning issued last year, the FBI highlighted at least 52 U.S. entities across multiple sectors, such as manufacturing and energy, affected by RagnarLocker. The FBI also shared signs of RagnarLocker’s activities, like specific Bitcoin addresses and email accounts used by the group.
Even with ongoing surveillance by law enforcement, the group has continued its malicious activities. Ransomware tracker Ransomwatch reported recent victim targeting by RagnarLocker. Notably, in September, the group acknowledged an attack on an Israeli hospital and threatened to leak a vast amount of data purportedly taken during the assault.