Vanir Locker Ransomware Site Dismantled by German Authorities

German law enforcement agencies have dismantled the website of the Vanir Locker ransomware group. The site emerged in July, when the attackers published data from three victims, one of which was a German company. The investigation had begun in June, and by August 2024, authorities had identified the server hosting the site on the Tor network. On the site, the group had threatened to release data stolen from the affected companies.

The website is now blocked and redirects to a placeholder page, preventing further dissemination of the stolen information. However, details regarding potential arrests remain undisclosed. Officials clarified that the identification of the criminals is ongoing.

Researchers believe that Vanir Locker may be linked to another notorious group, Akira, as indicated by stylistic similarities between the leak sites. According to HackManac, which tracks darknet activity, Vanir Locker is an Eastern European group comprised of former members of Karakurt, LockBit, and Knight.

It is worth noting that German law enforcement has recently intensified efforts to de-anonymize users of the Tor network. Journalists have uncovered that Germany’s intelligence services employ prolonged monitoring of Tor servers to reveal the identities of users.