Updated Oct 20, 2023 - Technology

Law enforcement has taken down one of the most destructive ransomware gangs

Image of a ransomware note on a computer screen

IT security specialists respond to a test ransomware scenario at the Athene Cyber Security Centre in Darmstadt, Germany, in December 2019. Photo: Frank Rumpenhorst/picture alliance via Getty Images.

International law enforcement authorities said Friday they've taken down key infrastructure and arrested a hacker believed to be tied to a ransomware gang that's been targeting critical infrastructure.

Driving the news: The dark-web site for RagnarLocker was replaced Thursday with a notice saying it had been "seized as part of a coordinated international law enforcement action."

  • Europol said in a press release Friday that the website seizure was part of a larger, coordinated campaign that included arresting a suspected RagnarLocker developer on Monday, interviewing five other suspected members during the week, and seizing the group's network infrastructure.
  • Law enforcement officials across Europe, the U.S. and Japan were involved in the operation, Europol said.
  • TechCrunch and BleepingComputer first reported on the website seizure.

Why it matters: The law enforcement operation is a major blow to one of the most destructive ransomware gangs.

The big picture: U.S. law enforcement and its international partners have been increasingly working to take down ransomware gangs by targeting their online infrastructure and funding sources.

  • Many ransomware criminals are located in so-called "safe harbor" countries where they're unlikely to be extradited if indicted.
  • This leaves law enforcement turning more often to infrastructure takedowns, website seizures and financial sanctions to disrupt the ransomware ecosystem.

The intrigue: RagnarLocker is known for going after healthcare systems, energy sector companies and other critical infrastructure organizations.

  • Last month, the gang claimed responsibility for a cyberattack on Israel-based Mayanei Hayeshua Medical Center that forced patients to be redirected to other facilities and led to leaks of sensitive data.
  • The FBI estimated that as of January 2022 — the latest government numbers available — the group had targeted at least 52 organizations across U.S. critical infrastructure.

Yes, but: Cybercriminals are known to find ways to rebuild after a law enforcement takedown.

Editor's note: This story was updated to include a statement from a Europol press release on Friday.
