FBI-led Operation Shut Down Radar/Dispossessor Ransomware Group’s Servers
The Federal Bureau of Investigation (FBI) led an international operation against the Radar/Dispossessor ransomware group, resulting in the dismantling of 24 servers used by the group, including 3 in the US, along with 9 criminal domains, 8 of which were in the US. Radar/Dispossessor is a criminal ransomware-as-a-service (RaaS) group led by an individual with the moniker ‘Brain.’ The group uses affiliates to conduct attacks in exchange for a percentage of any ransoms that are paid and has been in operation since August 2023. Like many other criminal ransomware groups, Radar/Dispossessor engages in double extortion, where sensitive data is identified and exfiltrated from victims’ systems and held to ransom in addition to encrypting files. Payment is required to decrypt data and to prevent the stolen data from being released to the public.
The group is known to exploit weak passwords and a lack of 2-factor authentication to gain access to victims’ networks, after which it obtains administrator rights to access and exfiltrate files and deploy the ransomware payload. If victims do not make contact to negotiate payment, the group proactively contacts other individuals in the company via phone and email to increase the pressure on victims to pay, including sending links to sites where proof of data theft has been uploaded. If those tactics do not work, the group adds victims to its data leak site and starts a countdown timer for making contact, after which the stolen data is published. The group has also been observed publishing data stolen by other ransomware groups on its data leak site in an attempt to extort companies that have suffered attacks by other groups.
The group attacks small to medium-sized businesses, with the majority of its victims in the production, development, education, healthcare, financial services, and transportation sectors. The group initially focused its efforts on attacking US companies but is now known to have conducted attacks around the world. At least 43 companies are known to have fallen victim to the group’s attacks, and potentially many more. The FBI has not yet been able to determine exactly how many companies have been attacked as the group uses different ransomware variants.
The disruption caused by the law enforcement operation is likely to slow attacks considerably; however, the disruption is usually only temporary as ransomware groups simply rebuild their infrastructure and recommence their operations. The FBI is seeking information from the public about Radar ransomware and any information about the leader of the group to bring that individual to justice.


