The FBI announced on Monday that it had successfully taken down the servers and websites associated with the Radar/Dispossessor ransomware operation following an extensive international investigation.
This joint effort, in collaboration with the U.K.’s National Crime Agency, the Bamberg Public Prosecutor’s Office, and the Bavarian State Criminal Police Office (BLKA), led to the seizure of several key infrastructure components used by the cybercrime group.
Law enforcement agencies confiscated three servers in the U.S., three in the U.K., 18 in Germany, and nine domains, including radar[.]tld, dispossessor[.]com, and others that were instrumental in facilitating ransomware attacks and spreading disinformation through fake news and video platforms.
Dispossessor, a ransomware group led by a threat actor known as “Brain,” had been active since August 2023. The group primarily targeted small to mid-sized businesses across various sectors worldwide, with the FBI identifying 43 victims in countries such as the U.S., Argentina, Australia, Belgium, Brazil, India, Canada, and more.
According to the FBI, Dispossessor exploited network vulnerabilities, weak passwords, and the lack of multi-factor authentication to gain unauthorized access to systems. Once inside, the attackers would escalate their privileges to gain administrator rights, allowing them to encrypt the company’s data and effectively lock victims out of their own systems.
If a victim did not respond to the ransom demands, the cybercriminals would take proactive measures, contacting other individuals within the targeted company through email or phone calls. They would also threaten to release the stolen data publicly on fake video platforms, adding pressure on the companies to pay the ransom.
Dispossessor initially began as an extortion group, reposting old data stolen during LockBit ransomware attacks and claiming affiliation with LockBit. The group repurposed this previously leaked data to continue their extortion activities. They also reposted leaks from other ransomware groups and attempted to sell this data on breach markets and hacking forums like BreachForums and XSS.
In June 2024, the group expanded its operations by deploying the leaked LockBit 3.0 encryptor, significantly enhancing its ability to carry out encryption attacks on a broader scale.
This recent takedown is part of a larger, ongoing effort by global law enforcement to combat cybercrime, which has included targeting ransomware, malware development, phishing attacks, and cryptocurrency scams. Authorities have also successfully infiltrated and disrupted several notorious ransomware groups, including ALPHV/Blackcat, Ragnar Locker, and Hive.
The FBI has encouraged any past or current victims of Dispossessor’s attacks to come forward with information that could assist in the ongoing investigation. Victims are urged to contact the Internet Crime Complaint Center (ic3.gov) or reach out directly via 1-800-CALL FBI. This operation marks a significant victory in the fight against ransomware, underscoring the critical role of international cooperation in addressing cybercrime on a global scale.
