The FBI has teamed up with law enforcers in the UK and Germany to dismantle IT infrastructure associated with a prolific ransomware group.
Also known as “Dispossessor,” the Radar group focuses its efforts on SMBs in the production, development, education, healthcare, financial services and transportation sectors, the FBI said in a post yesterday.
Working with the UK’s National Crime Agency (NCA), the Bavarian State Criminal Police Office (BLKA) and other agencies in the US, it recently dismantled three US servers, three in the UK and 18 in Germany that were linked to the group.
Eight domains based in the US and one in Germany associated with Radar/Dispossessor were also taken down.
Read more on law enforcement ransomware takedowns: Police Dismantle Ragnar Locker Ransomware Group
The FBI claimed to have discovered at least 43 corporate victims of the ransomware collective, from countries spanning Central and South America, Europe, South Asia, the UK and Australia.
Radar/Dispossessor uses classic double extortion techniques, taking advantage of weak passwords and a lack of multi-factor authentication to access victim networks, obtain admin rights and steal and encrypt files, the FBI claimed.
“Once the company was attacked, if they did not contact the criminal actor, the group would then proactively contact others in the victim company, either through email or phone call,” it explained. “The emails also included links to video platforms on which the previously stolen files had been presented. This was always with the aim of increasing the blackmail pressure and increasing the willingness to pay.”
Despite claiming to have “shut down” the group, the FBI’s efforts will likely only cause a modicum of disruption given the ringleader, dubbed “Brain,” and others are still at large.
That said, law enforcement is on something of a roll this year, having caused major disruption to LockBit and forcing ALPHV/BlackCat to shutter its operations after an apparent exit scam.