The Cleveland Division of the FBI has disrupted the ransomware gang Radar/Dispossessor by dismantling its various servers and domains.
The FBI released a statement saying that on August 12th, 2024, the criminal gang led by an individual using the online moniker “Brian” had been disrupted.
Law enforcement dismantled three US servers, three UK servers, eighteen German servers, eight US-based criminal domains, and one German-based criminal domain, all belonging to Radar/Dispossessor.
The cybercrime gang began its activity in August 2023 and “quickly developed into an internationally impactful ransomware group targeting and attacking small-to-mid-sized businesses and organizations,” the FBI said.
Radar/Dispossessor targeted various sectors, including production, development, education, healthcare, financial services, and transportation. The group initially targeted entities in the US, but the FBI found that the ransomware gang had attacked 43 companies from 13 different countries.
The FBI also identified a host of websites associated with Brian and his team of cybercriminals.
Much like traditional ransomware gangs, Radar ransomware “follows the same dual extortion model as other ransomware variants by exfiltrating victim data to hold for ransom in addition to encrypting victim’s systems,” the FBI states.
Ransomware is a form of malicious software, otherwise known as malware, that encrypts a user's data, making it inaccessible. The victim is then urged to pay a ransom to regain access to the data.
This ransomware gang worked by identifying vulnerable systems that use weak passwords or lack multi-factor authentication.
“Once the criminals gained access to the systems, they obtained administrator rights and easily gained access to the files. The actual ransomware was then used for encryption,” said the FBI.
The members of Radar/Dispossessor would actively contact people within the victim company via email or phone if the victims did not come forward with the ransom first.
Links in these emails led to videos showing the previously stolen files, increasing the pressure on victims and the likelihood that they would pay.
The last step in their plan was to announce the stolen data on a leak page and set a countdown. If the ransom wasn’t paid, the data would be released publicly.