The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltrated via SMTP to an email address.
The Ragnarok group released the ransomware's decryptor. The group closed its operations and, in the last few days, removed all the organizations impacted by the malware from its leak website. Is the shutdown real, or will the group just change its name?
The Ragnarok gang decided to close its operations and sent the ransomware's victims a decryptor. It should be a sort of master key that can unlock all the files encrypted by the cybercrime group. Furthermore, in the past days, the malicious hackers removed all the impacted organizations from their leak website and instead left instructions on how to decrypt the encrypted files. However, the Emsisoft cybersecurity experts should soon release a universal decryptor for the malware. Ragnarok is the latest threat actor to have recently stopped operations or distributed keys. In June, Avaddon released 2394 decryption keys for its cyberattack victims, and Conti provided Ireland's Health Service Executive (HSE) with a free decryption tool a week after the attack. It is not known, however, whether Ragnarok's stop of operations is real or whether the group will take on another name, as has happened with other cyber criminals, to buy time and continue hitting companies around the world.