European police have “taken down” the gang of ransomware attackers responsible for 2020’s high-profile Capcom hack, which saw confidential employee information and details on a swathe of upcoming games splashed across the internet.
The Ragnar Locker ransomware group was arrested at a string of addresses across the continent, in raids conducted last week in Czechia, Spain and Latvia, Europol has said.
Action against the group began on 16th October with the arrest of a “key target” in Paris, prompting a search of his Czechia home.
Five further suspects were then questioned in Spain and Latvia, while infrastructure was seized in the Netherlands, Germany and Sweden, the latter of which took the gang’s dark web data leak site offline.
In a statement on the arrests, Europol said the group’s ransomware – also named Ragnar Locker – had been used to target “critical infrastructure across the world”, recently including the Portuguese national airline and an Israeli hospital.
The group’s attacks were designed to extort money from victims in exchange for decryption tools and to prevent sensitive data being released online.
Capcom confirmed its online security had been breached in November 2020, with personal and corporate details on more than 15,000 people stolen.
Details of unannounced game projects, release dates and other sensitive information were also included. These included confirmation of the Resident Evil 4 remake, Dragon’s Dogma 2 and more – including other projects even then slated for 2024.
“This investigation shows that once again international cooperation is the key to taking ransomware groups down,” Europol’s European cybercrime boss Edvardas Šileris said. “Prevention and security are improving, however ransomware operators continue to innovate and find new victims.
“Europol will play its role in supporting EU Member States as they target these groups, and each case is helping us improve our modes of investigation and our understanding of these groups. I hope this round of arrests sends a strong message to ransomware operators who think they can continue their attacks without consequence.”
