The suspected developer of the Ragnar Locker ransomware strain is in custody in France and the malware’s IT infrastructure has been taken down after an international police operation, the Europol police co-operative announced Friday.
The gang behind the creation and distribution of this strain was responsible for numerous high-profile attacks against critical infrastructure across the world after emerging in 2019. According to the FBI, as of January 2022 it had hit at least 52 organizations across 10 critical infrastructure sectors.
Europol’s announcement today was the culmination of police action that started on Monday, including searches in Czechia, Spain and Latvia. But the statement said the investigation has its roots in the arrests in Ukraine just over two years ago of what it called two “prolific” ransomware operators.
The individual Europol called the “key target” was arrested in Paris on Monday, and his home in Czechia was searched. Five other suspects were interviewed in Spain and Latvia in the following days, Europol said. The statement doesn’t say what happened to them. But the person arrested in Paris has been brought in front of examining magistrates there.
The ransomware’s infrastructure was also seized in the Netherlands, Germany and Sweden, and the associated data leak website on Tor was taken down in Sweden.
The investigation was led by the French National Gendarmerie and included law enforcement authorities from Czechia, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the United States.
Also this week, a white hat hacking group from Ukraine said it took down the IT infrastructure behind the Trigona ransomware.