The FBI has announced that it has disrupted the infrastructure of the ransomware operation known as Radar (also called Dispossessor).
Although not as well known as LockBit or Black Basta, Radar was still a substantial operation. According to the FBI, the group hit 43 victim organizations around the world, including in the US, the UK and Germany.
As a result of the operation, the FBI has taken Radar's website offline and seized a number of servers. The site now displays an FBI banner reading "This website has been seized." In total, three servers were seized in the US, three in the UK and 18 in Germany. The FBI also seized eight "criminal domains" in the US and one in Germany.
Exploiting flaws
Radar's modus operandi does not differ much from what has become standard in the ransomware scene.
The group, led by an individual known as "Brain," uses double extortion: it first exfiltrates sensitive data from the victim organization and then deploys an encryptor that renders the victim's IT infrastructure unusable. It then demands a ransom, usually in bitcoin or Monero, in exchange for the decryption key.
If the company refuses to pay and instead restores its systems from backups, the group threatens to publish the stolen files online. The group is also reported to have contacted victims by phone from time to time.
To gain initial access to a target's systems, Radar exploits known vulnerabilities, weak passwords and the absence of multi-factor authentication (MFA), the FBI said.
This is not the first recent police seizure of infrastructure belonging to a ransomware operation. A few months ago, law enforcement took down infrastructure used by the LockBit gang.
While this is commendable, it is unlikely to make much difference in the long run: without arrests, the operators can rebuild their infrastructure and resume their activities.