Ragnarok Threat Actor Shuts Down Operations, Decryptor Released

After a series of news reports about huge ransomware hits, disastrous network takedowns and painful recoveries, the clouds seem to finally be dispersing a bit. Researchers reported that the ransomware gang known under the names Ragnarok and Asnarok has shut down its operations.

The announcement was made on the web page used by the hackers running Ragnarok. The page was updated with a download link for a toolset that can be used as a universal decryptor for anyone who still has files encrypted by the Ragnarok ransomware.

Security researchers have tested the decryptor and there are multiple reports that it works as intended and can successfully restore files to normal. The decryption tools are being picked apart and reverse engineered at the moment, so that an official, clean version can be posted up on the Europol NoMoreRansom portal page.

Ragnarok is a threat actor that was first spotted and documented by security researchers in late 2019. The hackers picked up in attacks and activity in 2020. However, after just a year and a half of active operation they officially close up shop in late August 2021.

This move, while refreshing, is not as surprising as it might seem. Earlier in the summer of 2021 two other threat actors dealing in ransomware also called it quits and released their own universal decryption tools for their respective strains of ransomware. Those two were named Avaddon and SynAck.

Following the ransomware attack on Colonial Pipeline and the following countermeasures taken by the US government, it looks like ransomware actors worldwide have started reconsidering their options. Two huge ransomware gangs - REvil and DarkSide, also seemingly shut down. A number of dark web hacking forums banned discussions revolving around ransomware entirely too.

Whether REvil and DarkSide are gone for good or are simply laying low for a while and quietly improving their toolkits in an effort to re-brand remains to be seen. At any rate, the news of Ragnarok closing down is a breath of fresh air in an otherwise bleak landscape.

By Zaib
August 30, 2021
Computer Security
English
August 30, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Computer Security

Ransomware Threat Actor REvil Websites Go Offline

In the early hours of June 13 all the websites operated by REvil - one of the biggest active ransomware threat actors - went offline. There is no hard information regarding the cause of the blackout. At this point in... Read more

July 14, 2021
Computer Security

Strange Ransom Threat Actor Seeks Unusual Victims

The Mespinoza ransomware gang, also going by the alias of PYSA, have come in the spotlight for their unusual approach to their operations. The group infiltrates networks the way most other ransomware outfits do, but... Read more

July 15, 2021
Computer Security

REvil Threat Actor Group Executes Two New Attacks

Ransomware threat actor group REvil seems to have pulled off two new successful attacks, according to reports. The first of the two latest victims of the hackers is a fashion clothing company called French Connection... Read more

June 25, 2021
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.