Dangerous ransomware sites shut down by FBI

13 Aug 2024

Image: © leremy/Stock.adobe.com

The Radar/Dispossessor gang targeted SMEs in 14 countries, but has now lost servers and domains due to the law enforcement operation.

A ransomware gang linked to dozens of cyberattacks worldwide has been severely disrupted by an international investigation that included the FBI, German police and the UK National Crime Agency.

The law enforcement operation managed to disrupt the gang called ‘Radar’ or ‘Dispossessor’, a ransomware group that attacked at least 43 companies in 14 countries. The investigation found “a multitude of websites” associated with this gang.

The operation managed to dismantle the gang’s servers around the world, including three in the US, three in the UK and 18 in Germany. The disruption also shut down eight US-based “criminal domains” and one based in Germany.

The FBI said Radar was formed in August 2023 and quickly became an “internationally impactful” group, targeting SMEs across various sectors including production, development, education, healthcare, financial services and transportation.

The methods of this particular gang sound similar to many ransomware gangs, focusing on a “dual-extortion model”. This involves stealing victims’ data and holding it for ransom while also encrypting the victim’s systems.

The goal of this type of attack is to panic the victim into paying the ransom in order to have their systems decrypted and to prevent the stolen data from being sold or exposed online. Many experts and the FBI advise against paying ransoms – it fuels further criminal activity and there is no guarantee the stolen data will be returned.

“Radar/Dispossessor identified vulnerable computer systems, weak passwords and a lack of two-factor authentication to isolate and attack victim companies,” the FBI said in a statement. “Once the criminals gained access to the systems, they obtained administrator rights and easily gained access to the files.

“Once the company was attacked, if they did not contact the criminal actor, the group would then proactively contact others in the victim company, either through email or phone call. The emails also included links to video platforms on which the previously stolen files had been presented. This was always with the aim of increasing the blackmail pressure and increasing the willingness to pay.”

The FBI said the total number of organisations affected by this gang is “yet to be determined” as ransomware can have many variants. It also did not announce any arrests linked to the operation.

While the operation has disrupted the gang, it is unclear how lasting that disruption will be – without arrests, the criminals could simply restart their operations at a later date. The notorious LockBit ransomware gang was similarly disrupted earlier this year, but was operating again at a reduced capacity after only a few days.

Ricardo Villadiego, the founder and CEO of cybersecurity firm Lumu, spoke to SiliconRepublic.com about how ransomware gangs prepare for the potential risk of law enforcement disruptions.


Leigh Mc Gowran is a journalist with Silicon Republic
