International Investigation Leads to Shutdown of Radar/Dispossessor Ransomware Group
On August 12th, 2024, the FBI’s Cleveland office announced the takedown of “Radar/Dispossessor,” a notorious ransomware group led by an individual known online as “Brain.” The operation resulted in the dismantling of three servers in the U.S., three in the U.K., and 18 in Germany, along with eight U.S.-based criminal domains and one criminal domain in Germany.
Since its emergence in August 2023, Radar/Dispossessor has rapidly evolved into a significant international threat, targeting small-to-mid-sized businesses across various sectors, including production, education, healthcare, financial services, and transportation. The group initially focused on U.S. entities, but the investigation revealed that 43 companies in countries such as Argentina, Australia, Belgium, Brazil, and India, among others, were also victims. The FBI uncovered numerous websites linked to Brain and his team during its investigation.
Ransomware is a form of malicious software (malware) that encrypts a victim’s data, rendering it unusable unless a ransom is paid. If the ransom is not paid, the attackers may keep the data inaccessible, destroy it, or release it publicly to increase pressure on the victims.
Radar/Dispossessor operated using a dual-extortion model, in which the group not only encrypted victims’ systems but also exfiltrated data to hold for ransom. The group identified vulnerable computer systems, exploited weak passwords, and bypassed security measures like two-factor authentication to gain access to victim companies’ data. After gaining control, the group encrypted the data and, if the victims made no contact, reached out directly via email or phone, often sharing links to videos of the stolen data to intensify the extortion.
The attackers would then announce the breach on a separate leak page, setting a countdown for public data release if the ransom was not paid.
Due to the varied nature of ransomware, the full scope of businesses and organizations affected by Radar/Dispossessor remains unclear. The FBI urges anyone with information about Brain or Radar Ransomware, or those who have been targeted, to contact its Internet Crime Complaint Center at ic3.gov or call 1-800-CALL-FBI. Reports can be made anonymously.
The investigation and subsequent takedown were a collaborative effort with the U.K.’s National Crime Agency, Bamberg Public Prosecutor’s Office, Bavarian State Criminal Police Office (BLKA), and the U.S. Attorney’s Office for the Northern District of Ohio.

Blogger at www.systemtek.co.uk