FBI Shutdown Prolific Ransomware Group “Radar/Dispossessor,” Domains Seized

According to TechCrunch, the above FBI seizure notice appears on the the Radar/Dispossessor ransomware and extortion gang website. Image Credits: FBI. Unfortunately, specific domain names seized haven’t been publicly released. Image credit: FBI.

WASHINGTON, D.C. – The FBI has announced they have shut down a prolific ransomware group known as “Radar/Dispossessor” and seized multiple internet domains and servers utilized by the cyber threat actors, reportedly headed up by an individual known by the code-name “Brain.”

As part of the FBI’s enforcement actions, they have dismantled a plethora of servers utilized by Radar/Dispossessor to carry out their ransomware attacks, including three in the United States, three in the United Kingdom, and 18 in Germany. In addition, the seized criminal domains include eight based in the U.S. and one German domain.

Radar/Dispossessor first came on the FBI’s radar in August 2023, and as their profile continued to raise in the internet’s underworld, law enforcement began devoting more and more resources to identify and, ultimately, take them down.

The group was known for concentrating their illicit efforts on small-to mid-sized businesses and organizations in the production, development, education, healthcare, financial services, and transportation fields. U.S-based entities were the initial targets, but the scope of Radar/Dispossessor’s victims grew over time to include other countries as well, with eventually 43 companies – located in Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany – falling prey to their attacks.

Radar/Dispossessor would utilize ransomware to extort the companies in question by stealing their critical data. They did this by tracking down and identifying weaknesses in a potential victim’s digital network, such as vulnerabilities in their computer systems, weak security passwords, or a lack of two-factor authentication protocol for access.

Once the critical data had been exfiltrated to the attacker’s server and solidly encrypted in the victim’s system, Radar/Dispossessor would then force the company to pay to get it back; failure to meet the group’s demands would result in the data either being publicly leaked and/or destroyed. However, the FBI notes that paying the ransom does not guarantee the attacked files will eventually be decrypted.

The FBI requests that any victims of Radar/Dispossessor – or those with information on the group’s dealings, including its leader, Brain – to contact its Internet Crime Complaint Center at ic3.gov or 1-800-CALL-FBI.

Filed Under: Domain Names, Security Issues Tagged With: 2023, Access, Actions, Actors, Announced, Arab, Argentina, Attacked, Attackers, Attacks, August, Australia, Authentication, Being, Belgium, Brain, Brain., Brazil, Businesses, Canada, Carry Out, Code-name, Companies, Company, Computer, Contact, Countries, Criminal, Critical, Croatia, Cyber Threat, Data, Decrypted, Demands, Destroyed, Development, Digital Network, Dismantled, Domain, Domains, Education, Efforts, Either, Emirates, Encrypted, Enforcement, Entities, Exfiltrated, Extort, Failure, Falling, FBI, Files, Financial, Force, German, Germany, Group, Groups, Guarantee, Healthcare, Honduras, Identify, Identifying, Illicit, India, Internet, Internet Crime, Known, Law, Leader, Leaked, Meet, Multiple, Organizations, Passwords, Pay, Paying, Peru, Plethora, Poland, Potential, Prey, Production, Profile, Prolific, Protocol, Publicly, Question, Radar, Radar Dispossessor, Raise, Ransom, Ransomware, Resources, Result, Security, Seized, Server, Servers, Services, Shut Down, Solidly, Stealing, System, Systems, Take Down, Targets, Time, Tracking, Transportation, Two-factor, Underworld, United Kingdom, United States, Utilize, Victims, Vulnerabilities, Weak, Weaknesses