The recent takedown of servers associated with the Radar/Dispossessor ransomware operations by the FBI has dealt a significant blow to a cybercriminal group that had evolved from piggybacking on an existing ransomware gang to becoming a formidable force in its own right.
According to a press release by the FBI, the agency dismantled a number of servers belonging to the group, including three in the US, three in the UK, and 18 in Germany. Eight US-based criminal domains and one German-based criminal domain were also shut down as part of the operation.
The group, operated by an individual using the online moniker “Brain,” initially started out by publishing data stolen by the LockBit ransomware gang in an effort to profit from it. However, it quickly transitioned into a standalone ransomware operation with a focus on targeting small-to-mid-sized businesses and organizations in various sectors such as production, development, education, healthcare, financial services, and transportation.
At the time of the takedown, Radar/Dispossessor had expanded its operations internationally and had victimized organizations not only in the US but also in countries like Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the UK, the United Arab Emirates, and Germany.
The group was known for its relentless double-extortion tactics, which involved exfiltrating critical data from organizations in addition to encrypting their computer systems. It would then use this stolen data as leverage to pressure victims into paying ransom. Radar/Dispossessor would go to great lengths to intimidate and extort victims, including contacting company employees through emails or phone calls and providing links to video platforms showing stolen data to increase the pressure on organizations to comply.
The FBI, in collaboration with international law enforcement agencies and prosecutors, conducted an extensive investigation to identify and dismantle the infrastructure used by Radar/Dispossessor. This joint effort led to the successful shutdown of key components of the group’s operations, a significant win in the ongoing battle against ransomware and cybercrime.
While the disruption of Radar/Dispossessor is a positive development, experts caution that cybercriminal groups and forums often find ways to resurface or regroup after takedowns. It is crucial for organizations to remain vigilant and implement robust cybersecurity measures to protect themselves against such threats. This includes regularly patching software, updating applications to the latest versions, and enforcing strong password hygiene practices to mitigate the risk of falling victim to ransomware attacks.
As the threat of ransomware continues to evolve, the collaborative efforts of law enforcement and cybersecurity professionals will be crucial in combating these malicious actors and safeguarding businesses and individuals from potentially devastating cyberattacks.
