Ragnarok Ransomware Group Suddenly Repents, Helps Victims Recover Data
Hacking has been considered a national crime by the US government. (photo credit: Charles Deluvio / Unsplash)

JAKARTA - The well-known ransomware group Ragnarok seems to have repented. The group is finally helping its victims regain access to their hacked data.

Ragnarok has been operating since 2019. The group became famous for attacking Citrix ADC servers. After the attack, Ragnarok has not yet patched the Citrix ADC server, but is now helping to shut it down and releasing free decryption keys to its victims.

Ragnarok, sometimes also known as Asnarok, last week replaced all 12 victims listed on its dark web portal with brief instructions on how to decrypt files. The instructions were accompanied by the release of a decryptor, which experts at Emsisoft confirmed contains the master decryption key.

Emsisoft, a security company known for helping ransomware victims decrypt their data, has also released a universal decryptor for the Ragnarok ransomware.

Previously, Ragnarok was notorious for using the Ragnar Locker ransomware to target computer networks, often claiming dozens of victims after exploiting the Citrix ADC vulnerability to search for Windows computers vulnerable to EternalBlue.

Go Without Saying Goodbye

The news was first reported by Bleeping Computer, as quoted from TechCrunch, Tuesday, August 31. Without an official statement, it is not clear why Ragnarok decided to stop its operations. However, other ransomware groups are currently facing increasing pressure from the US government, which earlier this year branded ransomware a national security threat.

REvil, the ransomware group behind the JBS attack, has mysteriously disappeared from the internet, as has the DarkSide group behind the Colonial Pipeline incident, which also announced its retirement.

Others, including Ziggy, Avaddon, SynAck and Fonix, also followed Ragnarok's lead this year, each handing over a key to help victims recover from their attacks.

However, it remains to be seen whether Ragnarok's disappearance is permanent or whether the group will simply rebrand, as the infamous DoppelPaymer ransomware group recently resurfaced after months of inactivity.

