The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation.
The joint operation was carried out in collaboration with the U.K.'s National Crime Agency, the Bamberg Public Prosecutor's Office, and the Bavarian State Criminal Police Office (BLKA).
Law enforcement seized three U.S. servers, three U.K. servers, 18 German servers, eight U.S.-based domains, and one German-based domain, including radar[.]tld, dispossessor[.]com, cybernewsint[.]com (fake news site), cybertube[.]video (fake video site), and dispossessor-cloud[.]com.
Since August 2023, Dispossessor—led by a threat actor known as Brain—has targeted small to mid-sized businesses in various sectors worldwide, claiming attacks against dozens of companies (the FBI identified 43 victims) from the U.S., Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany.
The FBI says the ransomware gang breaches networks through vulnerabilities, weak passwords, and the lack of multi-factor authentication configured on accounts. After gaining access to the victim's network, they steal data and deploy the ransomware to encrypt the company's devices.
