A first head emerges from the nebula of the “Ragnar group”, the name of a virus which infects the computer systems of companies, encrypts their data then demands payment of a ransom for the decryption key. He is a Russian national, usually living in the Czech Republic, indicted and imprisoned in Paris. He is “suspected of being a developer for the Ragnar group,” prosecutor Laure Beccuau said in a press release.
He was indicted on Friday for criminal conspiracy to commit a crime or misdemeanor and placed in pre-trial detention. “The Ragnar group has approximately 168 victims spread across the world,” according to the magistrate. This suspect was arrested as part of a “major operation” carried out this week by the French and German authorities, in consultation with the American and Italian authorities, and with the support of Latvia, the Czech Republic, Spain, Japan and Ukraine. Coordination meetings were held within Eurojust and Europol.
CMA-CGM victim in 2020
“This important step in the fight against the Ragnar ransomware group focused from a technical point of view on the identification and shutdown of a portion of the servers used by the group, in particular those dedicated to exfiltration or the publication of data,” continues the magistrate. Six people were questioned and four searches took place. Cryptocurrencies of “members of interest of the group” located in France, Spain, Latvia and the Czech Republic were seized.
In France, a preliminary investigation was opened in September 2020 by the section specializing in cybercrime of the Paris prosecutor’s office after Ragnar’s first attack against a French company. The French shipowner CMA-CGM announced in September 2020 that it was the victim of a computer attack and that it feared that data had been stolen. According to specialized sites at the time, “Ragnar” was behind the cyberattack.
To date, “10 French victims have been identified”, according to the prosecution. “This international operation is part of the continuity of operations carried out by France alongside the United States and Canada, having led to the arrest in Canada of Mikhail Vasiliev in October 2022, affiliate of the Ragnar group”, underlines Laure Beccuau.