The FBI [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], in collaboration with law enforcement agencies in the UK and Germany [6] [7], has successfully disrupted the Radar ransomware group [7] [11], also known as “Dispossessor,” led by a ringleader named “Brain.”

Description

This group, which originally operated alongside the LockBit ransomware gang, has targeted at least 43 corporate victims across multiple countries since August 2023 [7], including small-to-mid-sized businesses and organizations in various sectors internationally such as production [4], development [8], education [2] [8], healthcare [2] [8], financial services [2] [8], and transportation [2] [8]. Utilizing double extortion techniques [7], the group exploited security flaws in victim companies’ systems [3], stole and encrypted files [7] [8], and demanded ransom in exchange for not publishing the data [3].

The effort led to the dismantling of servers in the US [4], UK [3] [5] [7] [10] [11], and Germany [3] [4] [5] [6] [7] [10] [11], as well as criminal domains in both countries [4]. Despite the seizure of servers and domains linked to the group, the ringleader and other members are still at large [7]. However, law enforcement has been effective in disrupting other ransomware groups this year [7].

The FBI encourages those with information on Brain or Radar Ransomware to contact its Internet Crime Complaint Center [8]. Radar also targeted victims in countries such as Australia, Brazil [11], India [11], Canada [11], and the UAE. The takedown of the group was a result of international collaboration between law enforcement agencies [1], with the FBI identifying victims from various countries and urging others with information to come forward [1].

Law enforcement agencies have dismantled multiple servers and criminal domains associated with the Radar/Dispossessor Ransomware Group [9], a threat group that has targeted small- to mid-sized businesses and organizations in various sectors across multiple countries [9]. The group uses a dual-extortion method [8] [9], exfiltrating and encrypting files from compromised organizations and threatening to leak or destroy critical data if a ransom is not paid [9]. The FBI encourages those affected by ransomware attacks to contact its Internet Crime Complaint Center and advises against paying ransom to threat actors [9].

Conclusion

The disruption of the Radar ransomware group is a significant achievement in the fight against cybercrime. It highlights the importance of international collaboration in combating such threats and underscores the need for organizations to strengthen their cybersecurity measures to protect against ransomware attacks. Moving forward, it is crucial for law enforcement agencies and businesses to continue working together to identify and dismantle ransomware groups, ultimately reducing the impact of these malicious activities on individuals and organizations worldwide.

References

[1] https://duo.com/decipher/fbi-disrupts-radar-dispossessor-ransomware-group
[2] https://www.scmagazine.com/brief/radar-dispossessor-ransomware-dismantled-in-global-operation
[3] https://techcrunch.com/2024/08/12/fbi-takes-down-ransomware-gang-that-hacked-dozens-of-companies/
[4] https://thehackernews.com/2024/08/fbi-shuts-down-dispossessor-ransomware.html
[5] https://www.techradar.com/pro/security/fbi-claims-success-in-taking-down-another-major-ransomware-group
[6] https://www.techtarget.com/searchsecurity/news/366603080/Law-enforcement-disrupts-Radar-Dispossessor-ransomware-group
[7] https://www.infosecurity-magazine.com/news/fbi-dismantle-radardispossessor/
[8] https://www.helpnetsecurity.com/2024/08/13/radar-dispossessor-disruption/
[9] https://cybersecuritynews.com/fbi-dismantles-dispossessor/
[10] https://www.darkreading.com/cyberattacks-data-breaches/fbi-shuts-down-dozens-of-radar-dispossessor-ransomware-servers
[11] https://techmonitor.ai/technology/cybersecurity/fbi-radar-ransomware