
FBI dismantles 24 servers of the Radar ransomware group


In collaboration with international law enforcement agencies, the FBI has successfully disrupted 24 servers in the United States, the United Kingdom, and Germany belonging to the infamous ransomware group ‘Radar/Dispossessor.’ The group, led by cybercriminals operating under the alias ‘Brain,’ has been responsible for devastating ransomware attacks targeting businesses and organisations across multiple sectors worldwide.

The operation, announced on August 12, 2024, culminated in dismantling several critical infrastructure components supporting the ransomware group’s activities.

Authorities took down three servers in the United States, three in the United Kingdom, and 18 in Germany. Additionally, eight US-based and one German-based criminal domains used by the group were also seized.

Initially, the investigation focused on the United States. It later expanded to countries including Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany, encompassing 43 companies.

Radar/Dispossessor quickly emerged as a significant international cybersecurity threat. Their operations primarily targeted small and medium-sized enterprises across a diverse range of sectors, including but not limited to healthcare, education, finance, and transportation.

“Since its inception in August 2023, Radar/Dispossessor has quickly developed into an internationally impactful ransomware group, targeting and attacking small-to-mid-sized businesses and organisations from the production, development, education, healthcare, financial services, and transportation sectors,” the FBI notes.

The group employed a technique known as ‘double extortion’: the attackers infiltrated a target’s systems and encrypted critical data, rendering it inaccessible to its rightful owners, and, before encrypting, also stole sensitive information from the compromised systems.

Illustration: JMiks | Shutterstock

This technique gives the group leverage in negotiations. Even if the organisation has strong backups, the encryption still halts its operations while systems are restored, and if the organisation refuses to cooperate, the group releases the stolen data on the dark web.

The group’s success was attributed to its ability to exploit common weaknesses in its targets’ systems. Radar/Dispossessor sought out weak passwords, the absence of two-factor authentication, and other security lapses to infiltrate and compromise systems.

Once inside, the attackers escalated their privileges to gain administrator rights, which allowed them to deploy the ransomware and effectively encrypt the victims’ data.

“Radar/Dispossessor identified vulnerable computer systems, weak passwords, and a lack of two-factor authentication to isolate and attack victim companies. Once the criminals gained access to the systems, they obtained administrator rights and easily gained access to the files. The actual ransomware was then used for encryption,” says the FBI.

Following an attack, the group would contact victims directly if they had not initiated communication, often via email or phone. These communications were designed to maximise pressure, sometimes including links to video platforms showcasing stolen files.

The use of a countdown timer on a dedicated leak page underscored the threat of public release, further pressuring the organisation to pay the ransom.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
