Radar/Dispossessor Ransomware Operation Disrupted by Authorities

Law enforcement agencies in the US, Germany, and the UK on Monday announced the successful disruption of infrastructure used by the Radar/Dispossessor ransomware group.

Active since August 2023, Radar/Dispossessor has been targeting small-to-mid-sized businesses and organizations in the development, education, financial services, healthcare, production, and transportation sectors.

To date, the group has claimed at least 43 victims in Argentina, Australia, Belgium, Brazil, Canada, Croatia, Germany, Honduras, India, Peru, Poland, the UAE, and the UK. However, the group also focused on the US, and authorities believe that many targeted organizations have not yet been identified.

According to the FBI, the Radar/Dispossessor ransomware gang was led by an individual known as ‘Brain’, operating multiple websites.

On August 12, the FBI and the Bavarian State Criminal Police Office (BLKA) announced the takedown of 24 servers associated with the group, including 18 in Germany, three in the US, and three in the UK. The law enforcement agencies also dismantled nine domains used by the group: eight in the US and one in Germany.

Over the past year, Radar/Dispossessor has been exploiting vulnerable systems, weak passwords, and the lack of multi-factor authentication to target victim companies. Following initial access, the group would escalate privileges and gain access to the victims’ files, and then deploy file-encrypting ransomware.

The ransomware gang also exfiltrated the data and used it to blackmail the victim organizations into paying a ransom.

To increase the pressure on victims, the group would contact various individuals within these organizations, either via email or phone, and list the organizations’ names on a Tor-based leak site, threatening to release the stolen data unless a ransom was paid.

According to BLKA, 12 individuals associated with Radar/Dispossessor have been identified in Germany, Lithuania, Kenya, Russia, Serbia, the UAE, and Ukraine. An international arrest warrant was issued for a suspect who was charged in Germany.
