The FBI announced on Monday that it has taken down the servers and websites used by the Radar/Dispossessor ransomware group. This action was part of a global investigation involving the U.K.'s National Crime Agency, the Bamberg Public Prosecutor's Office, and the Bavarian State Criminal Police Office (BLKA).
Law enforcement agencies seized servers in several countries (three in the U.S., three in the U.K., and 18 in Germany) along with nine domains, among them radar[.]tld, dispossessor[.]com, and cybertube[.]video. The group used this infrastructure to carry out its attacks.
Since August 2023, the Dispossessor group, led by a hacker known as "Brain," has been targeting small to mid-sized businesses around the world. The FBI identified 43 victims across various countries, including the U.S., Argentina, Australia, India, and Germany.
The ransomware gang gained access to company networks by exploiting security weaknesses like outdated software, weak passwords, and a lack of multi-factor authentication. Once inside, they stole data and then used ransomware to lock the companies out of their own systems by encrypting their files.
If the companies didn’t contact them, the criminals would reach out to other people in the company to pressure them into paying, sometimes sharing stolen files through fake video platforms.
The FBI is urging past victims or those targeted by this group to share any information they have by contacting the Internet Crime Complaint Center or calling 1-800-CALL-FBI.
When Dispossessor first appeared, they acted as an extortion group, reposting old data stolen during previous ransomware attacks by a group called LockBit. They claimed to be affiliates of LockBit and even tried to sell stolen data on hacking forums.
As of June 2024, Dispossessor began using a ransomware tool leaked from LockBit 3.0 to carry out their own attacks.
In the past year, law enforcement has been actively cracking down on various cybercrimes, including cryptocurrency scams, malware development, phishing attacks, and other ransomware operations. They have also targeted and disrupted other ransomware groups like ALPHV/Blackcat, LockerGoga, MegaCortex, and Hive.