{
	"id": "8714a080-e7b6-448a-9e68-fe84fa97203c",
	"created_at": "2026-04-06T00:08:47.755309Z",
	"updated_at": "2026-04-10T03:22:06.291944Z",
	"deleted_at": null,
	"sha1_hash": "f2b8bf695afec4bbea51d05cb1b4a4c92a7fa2a7",
	"title": "Ragnarok ransomware releases master decryptor after shutdown",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2932204,
	"plain_text": "Ragnarok ransomware releases master decryptor after shutdown\r\nBy Ionut Ilascu\r\nPublished: 2021-08-26 · Archived: 2026-04-05 12:45:07 UTC\r\nRagnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.\r\nThe threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files.\r\nRushed exit\r\nThe leak site has been stripped of visual elements. All that remains there is the brief text linking to an archive containing the master key and the accompanying binaries for using it.\r\nLooking at the leak site, it seems like the gang did not plan on shutting down today and just wiped everything and shut down their operation.\r\nUp until earlier today, the Ragnarok ransomware leak site showed 12 victims, added between July 7 and August 16, threat intelligence provider HackNotice told BleepingComputer.\r\nBy listing victims on their website, Ragnarok sought to force them into paying the ransom, under the threat of leaking unencrypted files stolen during the intrusion.\r\nThe listed companies are from France, Estonia, Sri Lanka, Turkey, Thailand, U.S., Malaysia, Hong Kong, Spain, and Italy and operate in various sectors ranging from manufacturing to legal services.\r\nRansomware expert Michael Gillespie told BleepingComputer that the Ragnarok decryptor released today contains the master decryption key.\r\n“[The decryptor] was able to decrypt the blob from a random .thor file,” Gillespie told BleepingComputer initially.\r\nThe researcher later confirmed that he could decrypt a random file, which makes the utility a master decryptor that can be used to unlock files with various Ragnarok ransomware extensions.\r\nA universal decryptor for Ragnarok ransomware is currently in the works. It will soon become available from Emsisoft, a company famed for assisting ransomware victims with data decryption.\r\nThe Ragnarok ransomware group has been around since at least January 2020 and claimed dozens of victims after making headlines for exploiting the Citrix ADC vulnerability last year.\r\nRagnarok is not the only ransomware gang to release a decryption key this year:\r\nZiggy ransomware operation shut down in February, and its operator shared a file with 922 keys\r\nIn May, Conti ransomware gave a free decryptor to HSE Ireland\r\nAvaddon ransomware shut down in June and released the decryption keys\r\nSynAck ransomware gang rebranded as El_Cometa and released the master decryption keys as part of this transition\r\nResearchers also provided decryptors [1, 2, 3], and sometimes the provenance of these tools remained uncertain, as happened with the Kaseya attack.\r\nSource: https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/"
	],
	"report_names": [
		"ragnarok-ransomware-releases-master-decryptor-after-shutdown"
	],
	"threat_actors": [],
	"ts_created_at": 1775434127,
	"ts_updated_at": 1775791326,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f2b8bf695afec4bbea51d05cb1b4a4c92a7fa2a7.pdf",
		"text": "https://archive.orkl.eu/f2b8bf695afec4bbea51d05cb1b4a4c92a7fa2a7.txt",
		"img": "https://archive.orkl.eu/f2b8bf695afec4bbea51d05cb1b4a4c92a7fa2a7.jpg"
	}
}