Victims of the Ragnarok ransomware whose data was encrypted during an attack have new reason for hope. Now that the cybercriminal group has ceased its operations, the master decryption key has been published. With it, the encrypted files should be recoverable.
The Ragnarok ransomware was known for numerous attacks. The victims are believed to include the University of Darmstadt. However, according to various reports, the Ragnarok ransomware group has just stopped its activities, so victims can no longer request keys to decrypt their data. Now, however, the group has probably left a corresponding tool as a parting gift. I came across the issue in question via the following tweet. The details can be read in this post from The Record.
The free decryption program, which comes with a master decryption key, was published on the dark web portal of the Ragnarok ransomware gang. The decryption program, whose functionality has been confirmed by several security researchers, is currently being analyzed by security companies. The goal is to redevelop a clean and safe-to-use version. This will then be made available via Europol's NoMoreRansom portal.
Background: The Ragnarok ransomware
The name of the ransomware family is borrowed from Norse languages; the malware encrypts files with .thor or .ragnarok_cry extensions. I reported on the ransomware in January 2020 in the post Ragnarok Ransomware targets Citrix ADC, stops Defender. This ransomware was the first to target vulnerable Citrix ADC installations. The malware also stood out for its ability to disable Defender on Windows.