13 August 2024

Law enforcement disrupts Radar/Dispossessor ransomware gang’s operations

The US Federal Bureau of Investigation (FBI) has announced the takedown of the notorious “Radar/Dispossessor” ransomware group, with an international law enforcement effort dismantling the gang’s servers across the United States, the United Kingdom, and Germany.

The group was led by an individual using the online moniker “Brain,” the FBI said. The operation resulted in the seizure of three US servers, three UK servers, 18 German servers, eight US-based criminal domains, and one German-based criminal domain. The collaborative effort was conducted alongside the UK's National Crime Agency, Bamberg Public Prosecutor’s Office, Bavarian State Criminal Police Office (BLKA), and the US Attorney’s Office for the Northern District of Ohio.

Radar/Dispossessor emerged in August 2023, targeting small to mid-sized businesses across various sectors, including production, development, education, healthcare, financial services, and transportation. The group initially focused on US entities, but investigations have revealed that its reach extended to 43 companies worldwide, with victims in Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany.

Radar/Dispossessor employed a dual-extortion model similar to other notorious ransomware variants. The group would not only encrypt victims' systems but also exfiltrate sensitive data and hold it for ransom. Their attacks targeted vulnerable computer systems, exploiting weak passwords and the absence of two-factor authentication to gain access. Once inside, the criminals would escalate their privileges to administrator level, giving them full control over the systems and files.

Victims who failed to respond to the initial ransom demands were further harassed by the group. They would reach out to other employees within the victim's company, using email or phone calls to increase the pressure. These communications often included links to videos showcasing the stolen data, aimed at coercing the victims into paying the ransom. If the demands were not met, the group would announce the breach on a dedicated leak page, setting a countdown to the public release of the stolen data.
