Law enforcement agencies from multiple countries [2] [3], including the United States [1] [3] [7], have made significant progress in dismantling the Ragnar Locker ransomware group. This group has been responsible for cyberattacks since December 2019, targeting critical infrastructure operators and high-value targets [7].

Description

The joint operation involved the FBI [7], Europol [1] [5] [6] [7], and agencies from Germany [7], Italy [7], France [1] [5] [6] [7], the Netherlands [1] [2] [3] [5] [7], Ukraine [3] [4] [5] [6] [7], and other countries [7]. They successfully seized the group’s infrastructure in the Netherlands, Germany [1] [2] [3] [5] [7], and Sweden [1] [2] [3] [5] [7], and took down their site on the Tor network [7].

Additionally, a central figure in the group [4], believed to be a Czech resident and a ransomware developer, was arrested in France [1] [4] [6] [7]. Police in Ukraine [6] [7], Spain [1] [2] [3] [5] [6] [7], the Czech Republic [1] [2] [7], and Latvia conducted searches and seized devices and data related to other suspects [7]. The investigation team analyzed computer server data provided by the National Police Agency [4]. The group’s main website and server infrastructure in multiple countries have been seized [6], and the dark website used by the group to publish stolen information has been shut down [4]. Various cryptocurrencies were also seized.

Despite being under law enforcement surveillance [2], the group continued to target victims as recently as this month. A Russian national has also been charged in the United States for ransomware attacks [1], and Japanese police suspect his involvement in a cyberattack against Capcom in 2020. It is unclear if there are other developers involved [6], and there is evidence suggesting some members may reside in Russia [6]. The European Cybercrime Centre of Europol described the operation as a major blow to the ransomware group and emphasized the importance of international cooperation in combating such groups.

Conclusion

This operation has dealt a significant blow to the Ragnar Locker ransomware group, which has been a persistent threat since December 2019. The successful seizure of their infrastructure and the arrest of a key figure demonstrate the effectiveness of international collaboration in combating cybercriminals. However, it is important to remain vigilant, as there may be other developers involved and there is evidence pointing to potential members residing in Russia. The ongoing efforts of law enforcement agencies and the importance of international cooperation cannot be overstated in the fight against ransomware groups.

References

[1] https://english.kyodonews.net/news/2023/10/fea41a293e3a-ragnar-locker-ransomware-gang-taken-down-in-international-sweep.html
[2] https://techcrunch.com/2023/10/20/ragnarlocker-ransomware-dark-web-portal-seized-in-international-sting/
[3] https://www.itworldcanada.com/article/suspected-developer-of-ragnar-locker-ransomware-arrested-in-paris/550264
[4] https://www.asahi.com/ajw/articles/15035467
[5] https://www.infosecurity-magazine.com/news/police-dismantle-ragnar-locker/
[6] https://me.pcmag.com/en/security/20045/european-police-nab-developer-of-ragnar-locker-ransomware
[7] https://duo.com/decipher/u-s-european-authorities-disrupt-ragnar-locker-ransomware-operation