FBI Cleveland announced a significant victory against cybercrime by disrupting “Radar/Dispossessor,” a notorious ransomware group led by the online moniker “Brain.”
This operation dismantled three servers in the United States, three in the United Kingdom, and 18 in Germany.
Additionally, authorities seized eight U.S.-based criminal domains and one German-based domain.
The takedown was a collaborative effort involving the U.K.’s National Crime Agency, Bamberg Public Prosecutor’s Office, Bavarian State Criminal Police Office (BLKA), and the U.S. Attorney’s Office for the Northern District of Ohio.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access
Since its inception in August 2023, Radar/Dispossessor has quickly evolved into an international menace. The group targets small- to medium-sized businesses across various sectors: production, education, healthcare, and financial services.
Initially focused on U.S. entities, the FBI investigation revealed 43 companies worldwide as victims, including those in Argentina, Australia, Belgium, and Germany.
The ransomware employed a dual-extortion model, encrypting victims’ systems and exfiltrating data to pressure victims into paying ransoms.
Ransomware, a form of malicious software, encrypts data on a computer, rendering it unusable until a ransom is paid. Radar/Dispossessor exploited vulnerabilities such as weak passwords and lack of two-factor authentication to gain access to systems.
Once inside, the group obtained administrator rights and encrypted files and contacted victims to demand payment. The attackers threatened to release stolen data publicly if the ransom was not paid.
The FBI urges businesses targeted by ransomware to report incidents to its Internet Crime Complaint Center at ic3.gov or 1-800-CALL-FBI. The investigation is ongoing, and authorities are determined to bring those responsible to justice.
Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…