The Ragnarok ransomware is notorious for targeting unpatched Citrix ADC servers. But recently this gang called it quits and also left a free decrypting key with instructions for its victims to unlock the affected files.
So what exactly is Ragnarok ransomware? Has it actually shut down its operations? What can we learn from this in order to prevent ransomware attacks?
What Is the Ragnarok Ransomware?
Ragnarok's main course of action has always been to breach a target by using various exploits. Once the ransomware gets hold of an internal network, it encrypts its servers and workstations.
This lethal ransomware also stole the files and threatened to leak them so victims were left with no choice but to pay the demanded fee. If the money were not received by the appointed date, the gang behind this ransomware would leak the victims' files on their web portal.
Has the Ragnarok Gang Closed Its Operations?
Up until August 16, 2021, the Ragnarok ransomware leak site listed 12 victims that were being forced to pay the ransomware or suffer the consequence of their files getting leaked.
The victimized companies were from France, Estonia, Sri Lanka, Turkey, Thailand, the US, Malaysia, Hong Kong, Spain, and Italy, and were spread across various industries ranging from manufacturing to legal services.
However, in a surprise twist which was confirmed by many leading sources, the Ragnarok gang abruptly shut down its operations and also publicly released the tools required for recovering the encrypted files.
Possible Reasons Behind Ragnarok's Shutdown
Recently, ransomware gangs have faced a severe backlash from the US government which has now branded ransomware a national security threat. This has forced many operations such as REvil ransomware and DarkSide into adopting self-destruction tactics to avoid getting caught.
So there could be two potential reasons behind why Ragnarok called it quits: the ransomware either crumbled under pressure or the group is rebranding and planning to emerge under a new name like the DoppelPaymer ransomware group which recently returned as Grief ransomware.
Tips to Mitigate Ransomware
With the insurgence in security attacks, anyone can fall victim to ransomware. Here are a few important steps that can help mitigate ransomware attacks.
Back Up Everything Regularly
Backing up all your data regularly is the number one defense against ransomware attacks.
Imagine if all your data is backed up and an attacker asks you for a hefty ransom. Instead of panicking, you can rest easy that your stolen data is safely backed up on another server and can be recovered easily. Your only worry would then be that data leaking.
Install Antivirus Software
While having an antivirus suite with firewall doesn't guarantee complete protection against ransomware attacks, it does provide you with an added layer of security.
There are many firewall solutions available on the market, but it is important to choose one that fits the bill for all your organizational needs.
Don't Open or Click on Phishing Emails and Ads
Email phishing is one of the most prevalent ways through which ransomware attacks are distributed. Similarly, malicious links embedded in ads are another tactic used to infect victims with ransomware.
Learn to identify suspicious emails and never click on unauthorized links, attachments, and ads inside your emails.
Invest in Security Awareness Training
Organizations that do not invest in security awareness training for their employees can become easy targets for ransomware attacks. Most attackers gain entry into a company through the "human element", i.e. through a mistake made by an employee.
By providing security awareness training, you can ensure that your employees are vigilant, and can identify malicious links, phishing emails, and any suspicious behavior online.
Apply Security Patches
Most cyberattacks are conducted by exploiting vulnerabilities within your plug-ins and apps.
Regularly applying security patches to all your applications will close the security gaps and will ultimately prevent hackers from conducting ransomware attacks.
The Best Approach Against Ransomware
The Ragnarok ransomware has docked its ship for now, but other lethal ransomware still lurks around.
While detection and prevention both play an important role in mitigating ransomware, the best approach is a layered defense strategy. This includes everything from endpoint detection and response, advanced threat protection and email security, to web security and robust firewall solutions.
If you adopt a multi-layered solution against ransomware, the chances are, even if a hacker gets through one security tool, there will be other checkpoints for them to bypass before they get identified and finally stopped.