Ragnarok ransomware gang shuts down and releases decryption key

News
By published

Ragnarok victims can now decrypt their files using the group's master key

cybercriminal
(Image credit: Pixabay)

The cybercriminals behind the Ragnarok ransomware have decided to close up shop and have now released the master key capable of decrypting files locked with their malware.

As reported by BleepingComputer, the Ragnarok ransomware gang didn't even leave a note explaining the move. Instead, they replaced all of the victims on their leak site with a short set of instructions that informed them how they could decrypt their files using the now publicly available master key.

At the same time, the group's leak site, which was used to shame victims into paying to decrypt their files, has been stripped of all visual elements. The site now only has several text boxes with instructions as well as an archive containing the master key and the binaries that go along with it.

Normally when ransomware groups shut down, they often leave a note explaining their actions or reach out to a news outlet as was the case with the GandCrab ransomware group in 2019 and the Maze ransomware group last year. While GandCrab explained why it was shutting down in a post on a popular hacking forum, the operators behind the Maze ransomware personally reached out to BleepingComputer to explain their decision.

Victims off the hook

Up until recently, the Ragnarok ransomware leak site provided details on 12 victims whose companies are located in France, Estonia, Sri Lanka, Turkey, Thailand, the US, Malaysia, Hong Kong, Spain and Italy and operate across a variety of industries from manufacturing to legal services.

BleepingComputer also spoke to ransomware expert Michael Gillespie who confirmed that he was able to decrypt files locked using the Ragnarok ransomware with the master key. However, a universal decryptor for the Ragnarok ransomware is currently in development by Emsisoft which is also working on a decryption utility for the SynAck ransomware whose operators closed up shop earlier this month.

The Ragnarok ransomware group has been active in the wild since at least January of last year. The group gained notoriety for exploiting the Citrix ADC vulnerability to encrypt the systems of dozens of victims.

We'll have to wait and see if the cybercriminals behind Ragnarok are developing a new ransomware strain or if they've officially called it quits for good.

Via BleepingComptuer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Less than half of ransomware incidents end in payment - but you should still be on your guard
Ransomware
8base ransomware site taken down in global police operation
Ransomware
Lee Enterprises blames cyberattack for encrypting critical systems as US newspaper outages drag on
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
A close up of a xenomorph with Earth reflected on its head in the Alien: Earth TV show teaser

Disney+ celebrates 5 years of streaming with 2025 lookahead – here are 3 movies and shows I can't wait to watch
See more latest
Most Popular
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
A screenshot from Indiana Jones and the Great Circle showing Indiana Jones
Indiana Jones and the Great Circle finally gets PS5 release date and I can't wait to don the fedora and crack the whip
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 25 (game #387)