Master decryptor key published

Sicherheit (Pexels, allgemeine Nutzung)[German]Victims of the Ragnarok ransomware, whose data was encrypted during an attack, can hope again. After the cyber-criminal has just ceased its operations, the master decryptor key has been published. With it, the encrypted files should be able to be restored.


The Ragnorak ransomware was known for numerous attacks. The victims are believed to include the University of Darmstadt. However, according to various reports, the Ragnorak ransomware group has just stopped its activities – victims can therefore no longer request keys to decrypt their data. Now, however, the group has probably left a corresponding tool as a parting gift. I came across the issue in question via the following tweet. The details can be read in this post from The Record.

Ragnarok free decryptor

The free decryption program, which comes with a master decryption key, was published on the dark web portal of Ragnarak ransomware gang. The decryption program, whose functionality has been confirmed by several security researchers, is currently being analyzed by security companies. The goal is to redevelop a clean and safe-to-use version. This will then be made available via Europool's NoMoreRansom  portal.

Background: The Ragnarok ransomware

The name of the ransomware family is borrowed from Norse languages – the malware encrypts files with .thor- or .ragnarok_cry extensions (see also (deleted)). I had reported about the ransomware in January 2020 in the post Ragnarok Ransomware targets Citrix ADC, stops Defender. This ransomware was the first to target vulnerable Citrix ADC installations. The malware also stood out for its ability to disable Defender on Windows.

Similar articles:
Technical University Darmstadt Victim of Ragnarok Ransomware?
Ragnarok Ransomware targets Citrix ADC, stops Defender


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *