FBI shuts down Radar/Dispossessor ransomware operation
The FBI, the National Crime Agency, the Bamberg Public Prosecutor’s Office, the Bavarian State Criminal Office and the U.S. Attorney’s Office for the Northern District of Ohio have seized a dozen servers to shut down the Radar/Dispossessor ransomware group.
During the joint operation the authorities dismantled three servers in the United States, three servers in the United Kingdom and eighteen servers in Germany.
Furthermore, eight criminal domains in the U.S. and one German domain name were seized. Instead of the original website, visitors now see a splash page explaining why the domain has been commandeered.
Radar/Dispossessor is a ransomware group that first appeared in August 2023. In a short period of time the threat actor developed into a prolific operation, targeting small to medium-sized businesses and organizations from the development, education, healthcare, financial services, and transport sectors.
Extensive investigation showed that the Radar/Dispossessor ransomware operation was led by a man with the online moniker ‘Brain’. The threat actor claimed at least 43 victims around the world, including in Argentina, Australia, Belgium, Brazil, Canada, Croatia, Germany, Honduras, India, Peru, Poland, the United Arab Emirates, and the United Kingdom.
“Radar Ransomware follows the same dual-extortion model as other ransomware variants by exfiltrating victim data to hold for ransom in addition to encrypting victim’s systems. Simply, the ransomware identifies and attacks new victims and re-victimizes current victims,” the FBI says in a press release.
Radar/Dispossessor searched for vulnerable computer systems with weak passwords and no two-factor authentication. Once the hackers gained access to the victim’s systems, they obtained administrator rights and encrypted important files.
If the company didn’t reach out, the group would get in touch with them, either by email or by phone call. The stolen data was published on a leak page with a countdown set until its public release. This tactic, common among ransomware gangs, is known as ‘double extortion’.
“With the confiscation of the IT infrastructure, the Central Office Cybercrime Bayern (ZCB), the Bavarian State Criminal Office (BLKA) and its international partners have achieved an important blow against cyber criminals. This clearly shows that the perpetrators must always expect to be transferred and held responsible, even in virtual space. The shutdown of the servers protects numerous other companies around the world from sometimes existential financial consequences,” Vice President of the Bavarian State Criminal Police Office Guido Limmer says in a statement.
The investigation into the Radar/Dispossessor ransomware operation continues.