International sting operation against Ragnar Locker ransomware
![Image Report examines recent activities of Russian cybercriminals from [Sandworm]](https://incyber.org//wp-content/uploads/2024/04/incyber-news-cybersecurite-cybersecurity-attack-danger-2024-885x690.jpg)
French authorities arrest cybercriminal group’s main developer upon arrival at Roissy airport.
Europol recently announced the arrest, on October 16, 2023, of a Russian national residing in the Czech Republic and suspected of being the main developer for the Ragnar Locker ransomware gang. French authorities apprehended the suspect upon his arrival at Roissy airport in Paris, as part of a widespread international sting operation.
The bust also allowed the arrest of five other suspects, in Spain and Latvia, and the seizure of the ransomware’s infrastructure, in the Netherlands, Germany and Sweden. In Sweden, law enforcement also took down the website indexing the group’s exploits on Tor.
According to Europol, “this international crackdown follows a complex investigation by the French gendarmerie, in partnership with law enforcement in Germany, Spain, the United States, Italy, Japan, Latvia, the Netherlands, Sweden, the Czech Republic and Ukraine.” Europol had coordinated a first wave of arrests in October 2022, in Ukraine.
Active since December 2019, Ragnar Locker targets critical organizations throughout the world, with significant ransoms between seven and fifty million dollars (6.6 and 47.1 million euros). The cybercriminal group uses the double extortion tactic, and has claimed 168 victims around the world. Hit in September 2020, the French shipping company CMA-CGM spent around 50 million euros to have its services restored.