Evidence of the group’s disappearance was discovered by several sites, chief among them BleepingComputer. Specifically, several elements of the site seemed to have been stripped bare of all visuals. If anything, it seems as if the group did not have any plans to shut down this fast, indicating that something or someone may have reached key members of the group. Unsurprisingly, any evidence of the threat actors behind the group no longer exists, save for the aforementioned decryption key.
The good news is that the master key works and unlocks all files that were encrypted by the group’s ransomware, along with a list of its victims, several of which were also victims of its double extortion tactic: on top of encrypting files and demanding a ransom, the group would also steal data and threaten to post it on a “leak” site. Ragnarok isn’t the first ransomware to have seemingly vanished this year. Darkside, the hacker group that claimed responsibility for the attacks on both the Colonial Pipeline and Toshiba’s European business, had apologised and quit the scene after the attacks, although the sincerity of such actions is questionable, and rightly so. (Source: BleepingComputer via Techspot)