article featured image


Yesterday, all the organizations that had their files encrypted with Ragnarok ransomware received some good news! It seems that the threat actor decided to abandon its operations and also made public the master key that will decrypt its victims’ files.

Why Did the Ragnarok Ransomware Group Discontinue Operations?

The reason why the gang shutdown is still unknown, all we know is they unexpectedly removed all the impacted orgs. from their leak website, and instead left instructions on how to decrypt the encrypted files.

All you can find at the moment on the Ragnarok ransomware actor site is a very short message linking to an archive consisting of the master key and the binaries that go with it in order to use it.

In the picture below you can see that everything else disappeared, including the visual components. 

Ragnarok Leak Site Decryptor


Between July and August 2021, 12 organizations from Spain, France, Thailand, Hong Kong, Malaysia, U.S., Italy, Estonia, Sri Lanka, and Turkey fell victims to Ragnarok ransomware operations, as shown by the list displayed on the gang’s leak site.

The victims are operating in multiple industries varying from manufacturing to legal services.

The impacted companies were added to the actors’ leak website and threatened to have their encrypted files leaked in order to convince them to pay the requested ransom.

BleepingComputer was told by a ransomware specialist that the Ragnarok decryptor released yesterday contains the master decryption key.

[The decryptor] was able to decrypt the blob from a random .thor file.


More and More Ransomware Gangs Release Decryption Keys

Emsisoft, an organization that helped thousands of ransomware victims over the past 10 years is currently working at a universal decryptor for Ragnarok ransomware. According to BleepingComputer, it will be released very soon.

Discovered by the cybersecurity researcher Karsten Hahn in 2020, Ragnarok ransomware became notorious when it was found that the actor exploited a certain vulnerability in the Citrix Application Delivery Controller (ADC) to launch the random code and install malware on the targeted machine.

One of the ransomware gangs that released a decryption key in 2021 is Conti ransomware that provided the Ireland’s Health Service Executive (HSE) with a free decryption tool a week after the attack. 

Also, in June Avaddon ransomware group released 2394 decryption keys for each of their cyberattack victims.

Here is a list of the ransomware decryption tools released until now. As my colleague Alina mentioned, some of them are easy to use, while others might necessitate additional experience in the tech field. 

If you don’t have technical skills, you can always ask for help on one of these malware removal forums, which feature tons of information and helpful communities.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.


This is really nice, and it’s worth reading this blog. Thanks for sharing this information, keep sharing and keep updating us like this.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo