Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Law enforcement operation seized Ragnar Locker group’s infrastructure

An international law enforcement operation shuts down the infrastructure of the Ragnar Locker ransomware operation. Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia conducted a joint operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure. The police on Thursday seized the Tor negotiation and […]

Ragnar Locker ransomware

An international law enforcement operation shuts down the infrastructure of the Ragnar Locker ransomware operation.

Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia conducted a joint operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure. The police on Thursday seized the Tor negotiation and data leak sites.

Ragnar Locker ransomware

This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events. More details are expected to be released tomorrow.

The ransomware operation has been active since late December 2019, the FBI published two flash alerts to warn of the operation of the group.

In March 2022, the US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang breached the networks of at least 52 organizations across 10 critical infrastructure sectors.

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert. “RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.”

The flash alert provided details on attack infrastructure, Bitcoin addresses used by the gang to receive the payments of the ransom from the victims, and email addresses used by the gang’s operators.

The Ragnar Locker group focuses on extortion, in some cases it did not deploy ransomware, instead it only stole the victim’s data threatening to leak it.

In early September 2023, the Ragnar Locker ransomware gang claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)