On August 12, 2024, a significant international operation led by law enforcement agencies from the United States, Germany, and the United Kingdom culminated in the disruption of the Radar/Dispossessor ransomware group. This criminal organization, which emerged in August 2023, had been targeting small-to-mid-sized businesses and organizations across various sectors, including healthcare, education, finance, and transportation. Radar/Dispossessor became notorious for its use of ransomware to encrypt files, exfiltrate data, and extort victims for ransom payments.
The coordinated takedown resulted in the seizure of 24 servers associated with the group: 18 located in Germany, three in the United States, and three in the United Kingdom. Additionally, nine domains used by the group were taken down, with eight based in the US and one in Germany. The FBI and the Bavarian State Criminal Police Office (BLKA) led the investigation, which revealed that Radar/Dispossessor had exploited system vulnerabilities and weak security measures to carry out its attacks.
Radar/Dispossessor’s modus operandi involved not only encrypting and exfiltrating data but also exerting pressure on victims by contacting various individuals within the organizations and listing the compromised entities on a Tor-based leak site. This strategy was designed to coerce payment by threatening to release sensitive information. The international crackdown has significantly hampered the group’s ability to operate and disrupted its extortion tactics.
Authorities have identified 12 individuals connected to Radar/Dispossessor in countries including Germany, Lithuania, Kenya, Russia, Serbia, the UAE, and Ukraine. An international arrest warrant has been issued for one suspect charged in Germany. The successful operation is expected to provide relief to numerous organizations affected by the group’s activities and serve as a deterrent to other ransomware operators.