Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

Battling Cybercrime: Ragnar Locker Dismantled

Executive Summary

Law enforcement and judicial authorities from eleven countries have successfully taken down the Ragnar Locker ransomware gang, one of the most dangerous ransomware operations in recent years.

The operation was coordinated by Europol and Eurojust and targeted the group responsible for high-profile attacks on critical infrastructure worldwide. Collaboration among international law enforcement and judicial authorities played a crucial role in the success of this operation.

The takedown of the Ragnar Locker ransomware group serves as a significant milestone in the ongoing battle against ransomware and reinforces the importance of continued collaboration to protect individuals and organisations from malicious threats.

About Ragnar Locker

The Ragnar Locker ransomware group, also known as the Ragnar group, has been a prominent threat since December 2019. They are notorious for targeting devices running Microsoft Windows operating systems and have gained a reputation for attacking critical infrastructure worldwide. Their most notable attacks include those against the Portuguese national carrier and a hospital in Israel.

They utilise a double extortion tactic. In addition to demanding hefty payments for decryption tools, they also threaten to release stolen sensitive data if the ransom is not paid. This approach maximizes their leverage over victims and increases the potential damage caused by their attacks.

The group’s attacks have been considered high-level threats due to their focus on critical infrastructure and their ability to exploit vulnerabilities in exposed services like Remote Desktop Protocol. Their operations have attracted significant attention and have posed serious risks to organisations and individuals alike.

While the takedown of the Ragnar Locker ransomware group is a significant achievement, it is important to remain cautious. Ransomware operators often reemerge under new entities shortly after the dissolution of old groups. Ongoing collaboration and proactive security measures are crucial in combating the ever-evolving landscape of cybercrime.

About the Operation

The investigation into the Ragnar Locker group began in October 2021, with arrests made in Ukraine.

The recent international sweep involved searches and arrests in Czechia, Spain, and Latvia. The main perpetrator was apprehended in Paris, France. The group’s dark web site was seized, and its associated data leak website on Tor was taken down.

The operation was the result of a complex investigation, with the support of numerous law enforcement authorities from different countries. Contributors:

  • Europol
  • Eurojust
  • French National Gendarmerie
  • Ukrainian National Police
  • US FBI
  • Czechia National Counter-Terrorism, Extremism and Cybercrime Agency of Police
  • German State Criminal Police Office Sachsen
  • German Federal Criminal Police Office
  • Italian State Police
  • Italian Postal and Communication Police
  • Japanese National Police Agency
  • Latvian State Police
  • Dutch Police of East Netherlands
  • Spanish Civil Guard
  • Swedish Swedish Cybercrime Centre
  • Atlanta Field Office of the US Federal Bureau of Investigation

This investigation shows that once again international cooperation is the key to taking ransomware groups down. Prevention and security are improving, however ransomware operators continue to innovate and find new victims. Europol will play its role in supporting EU Member States as they target these groups, and each case is helping us improve our modes of investigation and our understanding of these groups. I hope this round of arrests sends a strong message to ransomware operators who think they can continue their attacks without consequence.

The Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said

The takedown of the Ragnar Locker ransomware group represents a significant success in the fight against cybercrime.

The success of this operation demonstrates the power of international cooperation, involving law enforcement and judicial authorities, in combating cybercrime.

While the operation deals a blow to the group, it is essential to remain vigilant, as ransomware operators often regroup under new entities after the dissolution of old ones.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.