Skip to main content

Ragnarok ransomware gang closes shop

(Image credit: Image source: Shutterstock/Nicescene)

Ragnarok, one of the most popular ransomware operator groups out there, has decided to abruptly called it quits. Not only has the group behind the infamous ransomware attack on Citrix ADC servers retired out of the blue, it also released a free decryption key for all of its victims.

On its website, the 12 victims that were listed there are now replaced by the information on the universal decryption key and how to use it. Multiple media outlets have reported that cybersecurity experts confirmed the authenticity of the decryptor.

Ragnarok was one of the most popular groups out there, infamous for exploiting the Citrix ADC vulnerability to find devices susceptible to EternalBlue - the same vulnerability used in the WannaCry attacks. 

It was reported that Ragnarok stole more than $4.5 million in ransom payments.

Nobody knows exactly why Ragnarok decided to jump ship, but experts believe there are two possible scenarios. In one - the group crumbled under the pressure of the US government, which recently branded ransomware as a threat to national security. 

Both REvil and DarkSide, groups that successfully targeted JBS and Colonial Pipeline, both announced their retirement earlier this year.

The other scenario is that the group is just rebranding and that it will soon return with a new name. After being idle for months, DoppelPayment ransomware group recently emerged as Grief Ransomware.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.