Law enforcement across 11 different countries worked together on this.
Headshot of Nico, one of the main NPC characters from Devil May Cry 5 with a smirk on her face.

This week, arrests were made in connection with the 2020 hack of Capcom. In 2020, a ransomware group gained access to internal Capcom data. This led to early leaks of unannounced titles such as Street Fighter 6 and the Resident Evil 4 remake. It also saw the personal data of thousands of Capcom employees compromised.

As spotted first by VGC, the European Union Agency for Law Enforcement Cooperation (Europol) announced that have found and taken down the ransomware group responsible for hack. The group was called Ragnar Locker, and it was taken down after law enforcement agencies from 11 different countries worked together to arrest a "key target" in Paris this past week.

In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain and Latvia. The “key target” of this malicious ransomware strain was arrested in Paris, France, on 16 October, and his home in Czechia was searched. Five suspects were interviewed in Spain and Latvia in the following days. At the end of the action week, the main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.

The ransomware’s infrastructure was also seized in the Netherlands, Germany and Sweden and the associated data leak website on Tor was taken down in Sweden.

This international sweep follows a complex investigation led by the French National Gendarmerie, together with law enforcement authorities from the Czechia, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine and the United States of America.​
Ragnar Locker did not just target Capcom. The group, active since late 2019, attacked infrastructure centers around the world. According to Europol, the group most recently claimed responsibility for attacking a Portuguese carrier and a hospital in Israel. The ransomware group would attempt to extort its victims by first making them pay for the decryption tools and then again to prevent the public release of sensitive data. The group even put up a "Wall of Shame" site on their dark web site listing all of the victims that sought out help. The group also told victims not to contact authorities or the stolen data would be published to the public.

Unfortunately for the group, several victims did contact authorities. This led to an earlier arrest of two Ragnar Locker members back in 2021.

Back in October 2021, investigators from the French Gendarmerie and the US FBI, together with specialists from Europol and INTERPOL were deployed to Ukraine to conduct investigative measures with the Ukrainian National Police, leading to the arrest of two prominent Ragnar Locker operators.