# Ragnarok ransomware releases master decryptor after shutdown **[bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/](https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/)** Ionut Ilascu By [Ionut Ilascu](https://www.bleepingcomputer.com/author/ionut-ilascu/) August 26, 2021 06:36 PM 0 Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files. ## Rushed exit The leak site has been stripped of visual elements. All that remains there is the brief text linking to an archive containing the master key and the accompanying binaries for using it. Looking at the leak site, it seems like the gang did not plan on shutting down today and just wiped everything and shut down their operation. ----- source: BleepingComputer Up until earlier today, the Ragnarok ransomware leak site showed 12 victims, added [between July 7 and August 16, threat intelligence provider HackNotice told](https://hacknotice.com/) BleepingComputer. ----- By listing victims on their website, Ragnarok sought to force them into paying the ransom, under the threat of leaking unencrypted files stolen during the intrusion. The listed companies are from France, Estonia, Sri Lanka, Turkey, Thailand, U.S., Malaysia, Hong Kong, Spain, and Italy and activate in various sectors ranging from manufacturing to legal services. Ransomware expert Michael Gillespie told BleepingComputer that the Ragnarok decryptor released today contains the master decryption key. “[The decryptor] was able to decrypt the blob from a random .thor file,” Gillespie told BleepingComputer initially. The researcher later confirmed that he could decrypt a random file, which makes the utility a master decryptor that can be used to unlock files with various Ragnarok ransomware extensions. source: BleepingComputer A universal decryptor for Ragnarok ransomware is currently in the works. It will soon become available from Emsisoft, a company famed for assisting ransomware victims with data decryption. The Ragnarok ransomware group has been around since at least January 2020 and [claimed dozens of victims after making headlines for exploiting the Citrix ADC vulnerability](https://www.bleepingcomputer.com/news/security/citrix-releases-final-patch-as-ransomware-attacks-ramp-up/) last year. Ragnarok is not the only ransomware gang to release a decryption key this year [Ziggy ransomware operation shut down in February, and its operator shared a file with](https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/) 922 keys In May, [Conti ransomware gave a free decryptor to HSE Ireland](https://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/) [Avaddon ransomware shut down in June and released the decryption keys](https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/) SynAck ransomware gang rebranded as El_Cometa and released the master decryption keys as part of this transition ----- [Researchers also provided decryptors [1,](https://www.bleepingcomputer.com/news/security/darkside-ransomware-decryptor-recovers-victims-files-for-free/) [2,](https://www.bleepingcomputer.com/news/security/new-fonix-ransomware-decryptor-can-recover-victims-files-for-free/) [3], and sometimes the provenance of these](https://www.bleepingcomputer.com/news/security/lorenz-ransomware-decryptor-recovers-victims-files-for-free/) [tools remained uncertain, as it happened with the Kaseya attack.](https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/) ## Related Articles: [Free decryptor released for Yanluowang ransomware victims](https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-yanluowang-ransomware-victims/) [BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state](https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-asks-5-million-to-unlock-austrian-state/) [Windows 11 KB5014019 breaks Trend Micro ransomware protection](https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/) [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [New ‘Cheers’ Linux ransomware targets VMware ESXi servers](https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/) [Decryption Key](https://www.bleepingcomputer.com/tag/decryption-key/) [Decryptor](https://www.bleepingcomputer.com/tag/decryptor/) [Ragnarok](https://www.bleepingcomputer.com/tag/ragnarok/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [Ionut Ilascu](https://www.bleepingcomputer.com/author/ionut-ilascu/) Ionut Ilascu is a technology writer with a focus on all things cybersecurity. The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger and Softpedia. [Previous Article](https://www.bleepingcomputer.com/news/security/synology-multiple-products-impacted-by-openssl-rce-vulnerability/) [Next Article](https://www.bleepingcomputer.com/offer/deals/get-started-in-cybersecurity-with-this-ethical-hacking-course-bundle/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ## You may also like: -----