Inactive ransomware operator
← All groupsRagnarok
3 victims indexed · first seen 5 years ago · last activity 4 years ago
3
Victims indexed
#279 of 348 tracked operators
9m
Active period
Mar 2021 → Dec 2021
—
Countries hit
At a glance
- Status
- inactive
- First seen
- 5 years ago
- Last activity
- 4 years ago
- Onion sites
- 3 known endpoints
- Primary sector
- Commercial Facilities · 1 hits
About
Ragnarok is a ransomware group that emerged in March 2021 with primarily financial motivations, conducting targeted attacks against commercial facilities. The group's origin and potential state affiliations remain largely undocumented in public threat intelligence reporting, and there is limited information available regarding whether they operate as a Ransomware-as-a-Service model or as an independent entity. Based on available data, Ragnarok has been linked to at least three confirmed victims, with their attack methodology and specific technical capabilities not extensively documented in public security research from major threat intelligence firms. The group appears to have specifically focused their targeting efforts on commercial facilities sectors, though the scope and scale of their operations remain relatively small compared to more prominent ransomware operations. Current public reporting does not provide sufficient detail regarding notable high-profile campaigns, significant ransom demands, or law enforcement actions specifically targeting this group. The current operational status of Ragnarok remains unclear based on available public threat intelligence, with limited recent reporting on their activities since their initial emergence in 2021.
References
14 linksExternal sources curated by the MISP threat-intel community.
- malpedia.caad.fkie.fraunhofer.de/details/win.ragnaro
- borncity.com/win/2021/03/27/tu-darmstadt-opfer-der-ragnarok-ransomware/
- techcrunch.com/2021/08/30/ragnarok-ransomware-gang-shuts-down-and-releases-its-decryption-key
- cpomagazine.com/cyber-security/ragnarok-ransomware-gang-closes-up-shop-leaves-master-decryptor-key-behind
- sababasecurity.com/cheese-shortage-in-dutch-supermarkets-after-a-ransomware-attack
- docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
- github.com/k-vitali/Malware-Misc-RE/blob/master/2020-01-26-ragnarok-cfg-vk.notes.raw
- go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
- media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf
- news.sophos.com/en-us/2020/05/21/asnarok2/
- news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
- bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/
- bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/
- ransomlook.io/group/ragnarok
Timeline
3 months2021-03-01T00:00:00+00:002021-12-01T00:00:00+00:00
Top sectors
Commercial Facilities
1
MITRE ATT&CK
4 techniques · 4 tacticsTactics
Initial AccessExecutionDefense EvasionImpact
Recent victims
Loading…
Onion infrastructure
3 known- http://sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion
- http://sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion/
- http://wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
Source
Updated 4 years agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.