What merely happened? Without caption, the Ragnarok ransomware group seems to accept disappeared, publicly releasing a decryption cardinal that can decrypt any files locked by their ransomware. Information technology is unknown whether Ragnarok is truly retiring or if it's simply retreating into the shadows to plan more surprise attacks.

BleepingComputer showtime reported on the disappearance, noticing Ragnarok's leak site had been wiped make clean. Co-ordinate to security company HackNotice, from July through mid-August, Ragnarok had listed a dozen victims on its site from multiple countries whose files it had stolen and was threatening to leak if they didn't pay the ransom.

Now all that'south left is a link to a file containing the master decryption central for their ransomware. Michael Gillespie, who is known for fighting ransomware, confirmed to BleepingComputer that the fundamental on the site can unlock any file with extensions linked to the Ragnarok group. Another security company, Emsisoft, too just released its own universal descriptor for files locked with Ragnarok ransomware.

Co-ordinate to BleepingComputer, Ragnarok first appeared in January 2022 when it attacked Citrix ADC servers, even trying to disable Windows Defender.

Another Ransomware group that seemingly quit this twelvemonth was Darkside, the group responsible for the Colonial Pipeline attack. Some security companies, however, doubt the sincerity of these retirements.

Intel471 alleges ransomware groups that disappear, apologize, or announce amendments to their policies may just exist trying to retreat from the media spotlight surrounding ransomware attacks, only to afterward resume attacks nether new names.

Darkside apologized when it announced it was quitting back in May, but Ragnarok so far hasn't issued any statements.

Photo illustration credit The Daily Creature