Ransomware Gang Ragnarok is Shutting Down
The gang has released free keys to its victims. Ragnarok mainly made money with Citrix attacks.
The gang has been around since 2019 and carried out attacks on unpatched Citrix servers, among other things. However, Ragnarok would stop now. Last week, the gang published instructions on its dark web portal explaining how to decrypt the ransomware, along with decryption software.
The latter was analyzed by security company Emsisoft and is said to contain a universal key for the Ragnarok ransomware. That writes Bleeping Computer.
Ragnarok has raked in some $4.5 million in ransom in recent years, primarily through the exploitation of Citrix networks. The gang’s targets include energy supplier EDP and game developer Capcom.
It’s not clear why Ragnarok is quitting now or whether the gang will stay away. There is no kind of formal suicide note. However, it is true that more gangs have officially closed the books in recent months. For example, REvil, the gang behind the Kaseya attacks, disappeared from the net in July.
Another group, DarkSide, which attacked the American oil group Colonial Pipeline, also says it will stop. However, it is suspected that the suds are no longer worth the carbon now that American security services are taking stricter action against ransomware gangs.