iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Baden-Württemberg State Criminal Police Office and other agencies took down the Vanir Group’s leak site, but operators are still at large.
A German law enforcement operation has seized the darknet leak site of the Vanir ransomware gang.
The State Bureau of Investigation Baden-Württemberg made the announcement on 17 September, saying in a statement that it had worked with the Cybercrime Center of the Karlsruhe Public Prosecutor’s Office on the operation.
Baden-Württemberg authorities had been investigating the Vanir ransomware group since 24 June, and in August, it was able to discover the server hosting the gang’s leak site, leading to its seizure on 17 September.
“Today, the perpetrators’ TOR page was taken over by the State Criminal Police Office on behalf of the Cybercrime Center and redirected to a blocked page,” German authorities said.
“By blocking the page, the data stolen by the perpetrators can no longer be published on their TOR page. The investigation into the identity of the perpetrators is ongoing.”
The leak site now bears the crest of the State Bureau of Investigation Baden-Württemberg.
“This hidden site has been seized by the State Bureau of Investigation Baden-Württemberg as a part of a law enforcement action taken against Vanir Ransomware Group,” the site now says.
The Vanir Group itself was not a particularly active ransomware operation, having only claimed three victims in June and July of this year – decentralised communications firm Beowulfchain, paper manufacturer Qinao, and car leasing company Athlon.
Since then, the group has been quiet.
The group had previously said on its leak site that it was a ransomware-as-a-service operation and was actively seeking affiliates. It was apparently run by an individual known as BlackEyedBastard.
Cyber security community news site Red Hot Cyber claimed to interview BlackEyedBastard in July, in which the Vanir Group leader laid out the gang’s operations.
“Vanir Group is made up of ex-affiliates of groups like Karakurt and LockBit as well as Knight ransomware, they were all disgruntled for whatever reasons and they came to us,” BlackEyedBastard said at the time.
“We work solely for financial gain, we have no political interests.”
According to the interview, the group was predominantly based in Eastern Europe.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
