SecurityWeek

Radar/Dispossessor Ransomware Operation Disrupted by Authorities

Law enforcement agencies in the US, Germany, and the UK have disrupted the Radar/Dispossessor ransomware infrastructure.

Law enforcement agencies in the US, Germany, and the UK on Monday announced the successful disruption of infrastructure used by the Radar/Dispossessor ransomware group.

Active since August 2023, Radar/Dispossessor has been targeting small-to-mid-sized businesses and organizations in the development, education, financial services, healthcare, production, and transportation sectors.

To date, the group has claimed at least 43 victims in Argentina, Australia, Belgium, Brazil, Canada, Croatia, Germany, Honduras, India, Peru, Poland, the UAE, and the UK. However, the group also focused on the US, and authorities believe that many targeted organizations have not been identified yet.

According to the FBI, the Radar/Dispossessor ransomware gang was led by an individual known as ‘Brain’, operating multiple websites.

On August 12, the FBI and the Bavarian State Criminal Police Office (BLKA) announced the takedown of 24 servers associated with the group, including 18 in Germany, three in the US, and three in the UK. The law enforcement agencies also dismantled nine domains used by the group: eight in the US and one in Germany.

Over the past year, Radar/Dispossessor has been exploiting vulnerable systems, weak passwords, and the lack of multi-factor authentication to target victim companies. Following initial access, the group would escalate privileges and gain access to the victims’ files, and then deploy file-encrypting ransomware.

The ransomware gang also exfiltrated the data and used it to blackmail the victim organizations into paying a ransom.

To increase the pressure on victims, the group would contact various individuals within these organizations, either via email or phone, and list the organizations’ names on a Tor-based leak site, threatening to release the stolen data unless a ransom was paid.

According to BLKA, 12 individuals associated with Radar/Dispossessor have been identified in Germany, Lithuania, Kenya, Russia, Serbia, the UAE, and Ukraine. An international arrest warrant was issued for a suspect who was charged in Germany.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
