Three international criminals who hijacked data from 168 companies arrested

Three members of the Ragnar Locker group, an organization specializing in extortion through data hijacking that attacked 168 companies, have been arrested, two in Alicante and the third in Latvia, in an operation coordinated by Europol.

Oliver Thansan
27 October 2023 Friday 16:26

This criminal group, which operated with a well-known “ransomware”, is credited with attacks on large critical infrastructures, such as that of the Portuguese national airline or a hospital in Israel.

Eleven countries participated in this international macro-operation, which has dealt a blow to the group responsible for numerous attacks against critical structures around the world.

According to sources, investigators have dismantled the ransomware infrastructure in the Netherlands, Germany and Sweden, and in the latter country the associated data leak website on Tor has been taken down.

The alleged creator of this popular computer hijacking program has been located in the Czech Republic and, in addition, several searches have been carried out in Ukraine.

In addition to the two detainees in Torrevieja and Alicante, there is a third detainee in Latvia, according to a statement from the Civil Guard.

The investigation has been led by the French National Gendarmerie, together with law enforcement authorities from the Czech Republic, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the United States of America.

During the searches, in addition to seizing various computer equipment, the Civil Guard managed to seize up to three different types of cryptocurrencies: bitcoin (BTC), litecoin (LTC) and binance coin (BNB).

'Ransomware' is a type of 'malware' that encrypts the sensitive information contained on a company's servers; the attackers then demand a ransom, generally in cryptocurrencies, in exchange for the decryption key needed to recover the information.

Attacks on large critical infrastructures are attributed to this criminal group, such as that of the Portuguese national airline or that of a hospital in Israel.

The modus operandi was characterized by a double extortion tactic: demanding exorbitant payments for the decryption tools, as well as for not disseminating the confidential data stolen during the computer attack.

They expressly warned victims that notifying the police would have consequences, namely publication of the stolen data.

As early as October 2021, investigators from the French National Gendarmerie and the United States FBI, together with specialists from Europol and Interpol, traveled to Ukraine to carry out a joint investigation with the Ukrainian National Police, which resulted in the arrest of two of the main members of the criminal group.