FBI Dismantles ‘Radar/Dispossessor’ Ransomware Gang, Seizing Servers Across the Globe

The FBI has successfully disrupted the notorious “Radar/Dispossessor” ransomware operation, led by the elusive cybercriminal known as “Brain.” The operation, which targeted businesses and organizations across multiple continents, was brought down through a coordinated international effort involving law enforcement agencies from the US, UK, and Germany.

Since its emergence in 2023, Radar/Dispossessor had quickly established a reputation for ruthless efficiency, exploiting vulnerabilities in computer systems and extorting victims by encrypting their data and threatening to publicly release what had been stolen. The gang’s reach extended far beyond the US, leaving a trail of victims in over a dozen countries, from Argentina to the United Arab Emirates.

Radar/Dispossessor employed a dual-extortion model that combined data encryption with the exfiltration of sensitive information. Victims were not only locked out of their systems but also faced the threat of public exposure of their data if they refused to pay the demanded ransom. The group leveraged vulnerabilities in computer systems, weak passwords, and the absence of two-factor authentication to gain unauthorized access, escalate privileges, and deploy their ransomware.

Once inside a victim’s network, Radar/Dispossessor moved swiftly. The criminals gained administrator rights, enabling them to easily access and encrypt critical files. The group then used a variety of tactics to pressure victims into paying the ransom. If the targeted company did not respond promptly, the attackers would escalate their efforts by contacting other employees within the organization via email or phone, often including links to video platforms showcasing the stolen data. This method of psychological pressure was designed to increase the urgency and likelihood of payment.

The final stage of their operation involved a public shaming tactic. The compromise would be announced on a separate leak page, with a countdown timer indicating when the stolen data would be publicly released if the ransom was not paid. This fear of reputational damage often coerced companies into compliance.

The FBI’s disruption of the Radar/Dispossessor group marks a significant milestone in the fight against ransomware. By dismantling the group’s operational infrastructure, including multiple servers and domains across the US, UK, and Germany, the FBI effectively crippled the group’s ability to continue its malicious activities.
