FBI Shuts Down Dispossessor Ransomware Operations, Domains Dismantled

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Law enforcement agencies have been disrupting cybercriminal operations for some time, and the FBI has repeatedly seized servers belonging to threat actors to interrupt their activity.

Now the FBI has announced the takedown of the ransomware group known as “Radar/Dispossessor”, reportedly led by an individual who goes by the name “Brain”.

Law enforcement has dismantled three U.S. servers, three U.K. servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain.

Radar/Dispossessor Ransomware Group

This threat group was first identified in August 2023 and has gained notoriety over time.

That notoriety came from attacks on small- to mid-sized businesses and organizations in the production, development, education, healthcare, financial services, and transportation sectors. The group originally focused on entities in the United States.

The FBI’s investigation found, however, that the group has attacked 43 companies in countries including Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany.

Radar ransomware uses a double-extortion model: files from the compromised organization are exfiltrated as well as encrypted.

Victims are then pressured to pay, with the threat that their critical data will be leaked or destroyed if they refuse.

The group’s initial access vector is opportunistic: it looks for vulnerable computer systems, weak passwords, and accounts without two-factor authentication, and uses those weaknesses to single out and attack victim companies.

Once they have found a weak point and gained a foothold, they escalate to administrator rights, which gives them broad access to sensitive files across the environment.
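The initial access described above (weak passwords and accounts without a second factor) is detectable from ordinary authentication logs. The script below is an added example for SOC teams, not code from the article or from any FBI or vendor tool; the log line format, the field names (src, user, result, mfa), the sample log lines and the thresholds are all assumptions constructed for illustration. It flags a source that fails against many distinct accounts in a short window and then succeeds (password spraying), and separately flags any successful logon that carried no second factor.

```python
"""Detection sketch for the Dispossessor-style initial access vector.

Added example, not code from the article or from any official tool.
Log format, field names and thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): one source sprays a weak
# password across many accounts, then lands on an account with no MFA.
SAMPLE_LOG = """\
2024-08-01T03:14:05Z src=203.0.113.7 user=alice result=FAIL mfa=none
2024-08-01T03:14:06Z src=203.0.113.7 user=bob result=FAIL mfa=none
2024-08-01T03:14:07Z src=203.0.113.7 user=carol result=FAIL mfa=none
2024-08-01T03:14:08Z src=203.0.113.7 user=dave result=FAIL mfa=none
2024-08-01T03:14:09Z src=203.0.113.7 user=erin result=FAIL mfa=none
2024-08-01T03:14:11Z src=203.0.113.7 user=frank result=SUCCESS mfa=none
2024-08-01T03:20:00Z src=198.51.100.9 user=grace result=SUCCESS mfa=totp
2024-08-01T03:21:00Z src=198.51.100.9 user=grace result=FAIL mfa=none
"""

SPRAY_MIN_ACCOUNTS = 5            # distinct accounts failed from one source (assumed)
SPRAY_WINDOW = timedelta(minutes=10)   # look-back window for those failures (assumed)


def parse_line(line):
    """Parse 'timestamp key=value key=value ...' into a dict; 'ts' is a datetime."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def detect_password_spray(events, min_accounts=SPRAY_MIN_ACCOUNTS, window=SPRAY_WINDOW):
    """Flag a source that fails against >= min_accounts distinct users within
    `window` and then logs in successfully.

    Returns a list of (src, user_that_succeeded, distinct_failed_accounts).
    """
    failures = defaultdict(list)   # src -> [(ts, user), ...] within the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        # Expire failures that fell out of the look-back window.
        failures[src] = [(t, u) for t, u in failures[src] if ev["ts"] - t <= window]
        if ev["result"] == "FAIL":
            failures[src].append((ev["ts"], ev["user"]))
        elif ev["result"] == "SUCCESS":
            sprayed = {u for _, u in failures[src]}
            if len(sprayed) >= min_accounts:
                alerts.append((src, ev["user"], len(sprayed)))
    return alerts


def detect_logins_without_mfa(events):
    """Flag successful logons that carried no second factor (mfa=none)."""
    return [(e["src"], e["user"]) for e in events
            if e["result"] == "SUCCESS" and e.get("mfa", "none") == "none"]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for alert in detect_password_spray(evs):
        print("password spray followed by success:", alert)
    for alert in detect_logins_without_mfa(evs):
        print("successful logon without MFA:", alert)
```

On the constructed log the spray rule fires once, for 203.0.113.7 landing on the account frank after five distinct failures, and the MFA rule fires for that same logon only; grace’s logon from 198.51.100.9 used a TOTP factor and her single later failure never reaches the spray threshold. The thresholds are deliberately low so the sample triggers; in production they are tuned per environment, and the MFA rule is usually run as an inventory report (which accounts can still log in with a password alone) rather than as a per-event alert.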

The files are then exfiltrated to attacker-controlled servers and encrypted in the victim’s environment, leaving the organization unable to access its own sensitive data.

Like any other ransomware group, a ransom note will be left on the encrypted servers and systems, containing instructions for contacting the threat actor.

If the victim does not make contact, the threat actors proactively reach out to other people in the company, by email or by phone.

Those emails include a link to a video showing the files stolen from the organization, to increase the pressure to pay.

Negotiations are handled on a separate leak site with a countdown showing how long remains before the files are published if the ransom is not paid. The total number of affected businesses and organizations has yet to be determined.

“The FBI encourages those with information about Brain or Radar Ransomware—or if their business or organization has been a target or victim of ransomware or currently paying a criminal actor—to contact its Internet Crime Complaint Center at ic3.gov or 1-800-CALL-FBI.

Your identity can remain anonymous,” reads the FBI’s announcement. Organizations should patch their software and systems promptly and enforce two-factor authentication, since weak passwords and missing second factors are exactly the gaps this group exploited for initial access.

Even when an attack succeeds, victims are advised not to pay: payment offers no guarantee that the files will be decrypted or that the stolen data will not be leaked.
