FBI Cleveland announced a significant victory against cybercrime by disrupting “Radar/Dispossessor,” a notorious ransomware group led by the online moniker “Brain.”
This operation dismantled three servers in the United States, three in the United Kingdom, and 18 in Germany.
Additionally, authorities seized eight U.S.-based criminal domains and one German-based domain.
The takedown was a collaborative effort involving the U.K.’s National Crime Agency, Bamberg Public Prosecutor’s Office, Bavarian State Criminal Police Office (BLKA), and the U.S. Attorney’s Office for the Northern District of Ohio.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access
Since its inception in August 2023, Radar/Dispossessor has quickly evolved into an international menace. The group targets small- to medium-sized businesses across various sectors: production, education, healthcare, and financial services.
Initially focused on U.S. entities, the FBI investigation revealed 43 companies worldwide as victims, including those in Argentina, Australia, Belgium, and Germany.
The ransomware employed a dual-extortion model, encrypting victims’ systems and exfiltrating data to pressure victims into paying ransoms.
Ransomware, a form of malicious software, encrypts data on a computer, rendering it unusable until a ransom is paid. Radar/Dispossessor exploited vulnerabilities such as weak passwords and lack of two-factor authentication to gain access to systems.
Once inside, the group obtained administrator rights and encrypted files and contacted victims to demand payment. The attackers threatened to release stolen data publicly if the ransom was not paid.
The FBI urges businesses targeted by ransomware to report incidents to its Internet Crime Complaint Center at ic3.gov or 1-800-CALL-FBI. The investigation is ongoing, and authorities are determined to bring those responsible to justice.
Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…