Suspected developer of Ragnar Locker ransomware arrested in Paris

October 20, 2023 The suspected developer of the Ragnar Locker ransomware strain is in custody in France and the malware’s IT infrastructure taken down after an international police operation, the Europol police co-operative announced Friday.

The gang behind the creation and distribution of this strain was responsible for numerous high-profile attacks against critical infrastructure across the world after emerging in 2019. According to the FBI, as of January 2022 it had hit at least 52 organizations across 10 critical infrastructure sectors.

Europol’s announcement today was the culmination of police action that started on Monday, including searches in Czechia, Spain and Latvia. But the statement said the investigation has its roots in the arrests in Ukraine just over two years ago of what it called two “prolific” ransomware operators.

The individual Europol called the “key target” was arrested in Paris on Monday, and his home in Czechia was searched. Five other suspects were interviewed in Spain and Latvia in the following days, Europol said. The statement doesn’t say what happened to them. But the person arrested in Paris has been brought in front of examining magistrates there.

The ransomware’s infrastructure was also seized in the Netherlands, Germany and Sweden, and the associated data leak website on Tor was taken down in Sweden.

The investigation was led by the French National Gendarmerie and included law enforcement authorities from the Czechia, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the United States.

Also this week, a white hat hacking group from Ukraine said it took down the IT infrastructure behind the Trigona ransomware.  

The post Suspected developer of Ragnar Locker ransomware arrested in Paris first appeared on IT World Canada.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Picture of Howard Solomon

Howard Solomon

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
Picture of Howard Solomon

Howard Solomon

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn