The European Union Law Enforcement Cooperation Agency (Europol) announced that it has dealt a "major blow" to a ransomware group called Ragnar Locker, which attacked Capcom in 2020, demanding $11 million and affecting the data of some 400,000 people. The name is well known to you and me.

For Europol, Ragnar Löcker is more notable for its attacks on "critical infrastructure" around the world, most recently against "Portugal's national airline and an Israeli hospital."

A "key target" of police agencies investigating Ragnar Locker was arrested in Paris on October 16, following an "international police raid" in which ransomware infrastructure was also seized in the Netherlands, Germany, and Sweden.

Five more suspects were interviewed in Spain and Latvia, and as if this were not enough, the "main suspect," suspected by the police to be one of the group's developers, was brought before the Paris Court of Justice at the end of a "week of action" (last week for those not involved in the international raids) to He was brought in.

The Ragnar Rocker is, and probably will continue to be, quite troubling, depending on how deadly a blow this was. According to Europol, the Ragnar Locker targets Windows devices and "typically exploits publicly available services such as remote desktop protocols" to take control of its victims' systems. Once infiltrated, the ransomware group "employs double extortion tactics, demanding extortionate payments for the non-disclosure of decryption tools and sensitive data. Victims were explicitly warned not to seek outside help. If they did, the group threatened to publish the stolen data on the Dark Web's "Wall of Shame."

However, according to Europol, the Sweden-based site has been shut down, at least for now, as a result of an operation coordinated by Europol and Eurojust with the involvement of 11 international law enforcement agencies, including the US FBI. In a statement to the press, Edvardas Šileris, head of the European Cybercrime Centre of Europol, said, "The arrests are the result of an attack that can continue without consequences and sends a strong message to ransomware operators who believe that they can continue their attacks without consequences."