International Takedown of “Radar/Dispossessor” Ransomware Group by FBI and Global Law Enforcement Agencies

In a groundbreaking international effort, the FBI, in collaboration with law enforcement agencies worldwide, has successfully dismantled the notorious “Radar/Dispossessor” ransomware group. Led by the online alias “Brain,” this cybercriminal organization targeted small-to-mid-sized businesses across various sectors, causing significant disruption and financial losses.

The FBI’s Cleveland division announced the successful takedown on August 12th, following a coordinated operation that resulted in the seizure of critical servers and domains used by the group. Authorities confiscated three servers each in the United States and the United Kingdom, along with 18 servers in Germany. Additionally, eight U.S.-based and one German-based domain utilized by the cybercriminals were also seized.

The Radar/Dispossessor group emerged in August 2023 and quickly gained notoriety for its “dual-extortion” model, encrypting victim data while threatening to release it publicly if ransom demands were not met. Their targets spanned multiple sectors, including production, development, education, healthcare, finance, and transportation, with victims identified in 13 countries worldwide.

The investigation revealed the group’s tactics, which included exploiting vulnerabilities in victim systems such as weak passwords and a lack of two-factor authentication. Once access was gained, the attackers escalated privileges to deploy ransomware for data encryption, rendering critical information inaccessible.

To pressure victims into paying the ransom, the cybercriminals engaged in proactive communication, showcasing stolen data and even publicly announcing data breaches on a dedicated leak site with countdown timers. The FBI is actively seeking information about Brain and his criminal network, urging businesses targeted by Radar Ransomware to report incidents to the Internet Crime Complaint Center for support and anonymity.