On Monday, the FBI announced a major operation against the Radar/Dispossessor ransomware group, revealing that dozens of servers across the U.S. and Europe had been “dismantled.” The operation targeted the group, which some experts believe was founded by former affiliates of the LockBit ransomware network and has been active since last year.
The FBI’s Cleveland office reported that the group is led by an individual known as “Brain.” In the operation, law enforcement seized three servers in the U.S., three in the U.K., and 18 in Germany. Additionally, eight domains in the U.S. and one in Germany were shut down.
The FBI has not provided details on any arrests related to the operation. According to the bureau, Radar/Dispossessor emerged in August 2023 and has been targeting small to mid-sized businesses and organizations. The investigation uncovered that 43 companies worldwide, including in the U.S., South America, India, Europe, and the UAE, were affected. The group’s primary targets included sectors such as education, healthcare, financial services, and transportation.
Like many ransomware gangs, Radar/Dispossessor operated by breaching networks, stealing data, and then encrypting systems. The full extent of the group’s impact remains unclear, as many ransomware operations involve variants and affiliate networks.
The FBI, in collaboration with the U.S. Justice Department, the U.K.’s National Crime Agency, and German law enforcement, conducted the takedown. The operation follows reports from cybersecurity experts noting that Radar/Dispossessor’s leak site closely resembles that of the now-defunct LockBit group. SOCRadar highlighted the similarity in design and content between the sites, suggesting a potential connection or rebranding effort.
Initially, Dispossessor appeared to function primarily as a data broker, but it later sought hackers to carry out attacks. Following the shutdown of LockBit, there were claims that Dispossessor was selling information from over 300 LockBit victims. Some victims of Radar/Dispossessor were also previously targeted by other ransomware groups.
In a recent unverified interview, alleged members of Radar/Dispossessor claimed the group includes former LockBit affiliates who were inspired by the defunct network. They also claimed to use artificial intelligence to quickly analyze stolen files and mentioned avoiding attacks on Chinese targets.
At the recent DefCon cybersecurity conference in Las Vegas, U.S. officials praised the series of takedowns but acknowledged the persistent challenge of disrupting ransomware operations. Anne Neuberger, deputy national security adviser for cyber at the White House, emphasized the temporary nature of such takedowns and the ongoing vulnerabilities in global infrastructure that attackers can exploit.
“Despite our efforts and international collaboration, the infrastructure remains vulnerable,” Neuberger said. “Attackers can often quickly adapt and re-emerge.”
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
Wow!