RagnarLocker ransom gang taken down by FBI

Updated on: 15 November 2023

Damien Black
Senior Journalist
Contribution by Jurgita Lapienytė

RagnarLocker ransomware group has been taken down by a consortium of law enforcement agencies including the FBI and Europol.

The ransomware gang's website landing page now simply shows a message surrounded by multiple police agency insignias announcing: “This service has been seized as part of a coordinated international law enforcement action against the RagnarLocker group.”

CrowdStrike cybersecurity analyst Adam Meyers told Cybernews it expects the agencies involved in the bust to formally announce it later today.

He added: “CrowdStrike tracks RagnarLocker as Viking Spider, operating since at least December 2019.”

Describing it as “one of the first Big Game Hunting ransomware adversaries to leverage the threat of publication of stolen data to pressure victims,” Meyers said the gang has “posted over a hundred victims from 27 sectors.”

Cybernews checked out the gang's recent record on ransomware tracker website Ransomlooker and found that four of these victims were claimed this month, with another 14 notched up in September.

Ragnar table chart — Ransomlooker website chart tracking the RagnarLocker gang's progress

“CrowdStrike Intelligence assesses that this operation will likely severely impact Viking Spider operations in the medium term,” said Meyers. “This assessment is made with moderate confidence given the effectiveness of other similar operations.”

Security researcher Kimberly, aka @StopMalvertisin, confirmed the bust on Twitter aka X, posting a screenshot of the ransomware gang’s website landing page.

Cyber threat intelligence researcher Will, aka @BushidoToken, also shared the screenshot on X with the laconic epithet: “Tango down.”