Law enforcement has taken down one of the most destructive ransomware gangs
International law enforcement authorities said Friday they've taken down key infrastructure and arrested a hacker believed to be tied to a ransomware gang that's been targeting critical infrastructure.
Driving the news: The dark-web site for RagnarLocker was replaced Thursday with a notice saying it had been "seized as part of a coordinated international law enforcement action."
- Europol said in a press release Friday that the website seizure was part of a larger, coordinated campaign that involved arresting a suspected RagnarLocker developer on Monday, interviewing five other suspected members throughout the week, and seizing the group's network infrastructure this week.
- Law enforcement officials across Europe, the U.S. and Japan were involved in the operation, Europol said.
- TechCrunch and BleepingComputer first reported on the website seizure.
Why it matters: The law enforcement operation is a major blow to one of the most destructive ransomware gangs.
- Many ransomware criminals are located in so-called "safe harbor" countries where they're unlikely to be extradited if indicted.
- This leaves law enforcement turning more often to infrastructure takedowns, website seizures and financial sanctions to disrupt the ransomware ecosystem.
- Last month, the gang claimed responsibility for a cyberattack on Israel-based Mayanei Hayeshua Medical Center, which resulted in patient care being redirected to other facilities and in leaks of sensitive data.
- The FBI estimated that as of January 2022 — the latest government numbers available — the group had targeted at least 52 organizations across U.S. critical infrastructure.
Yes, but: Cybercriminals are known to find ways to rebuild after a law enforcement takedown.
Editor's note: This story was updated to include a statement from a Europol press release on Friday.