FBI Shuts Down Dozens of Radar/Dispossessor Ransomware Servers

Published: 23/11/2024   Category: security




Computer infrastructure in the US, UK, and Germany associated with the cybercriminal group, which targeted SMBs using double extortion, is officially out of commission.



The FBI has shut down dozens of servers associated with the Radar/Dispossessor ransomware operations, disrupting a group that originally piggybacked on the activity of an existing ransomware gang but eventually became its own cybercriminal force to be reckoned with.

The agency dismantled various pieces of the group's global computer infrastructure, including three servers in the US; three in the UK; 18 servers in Germany; eight US-based criminal domains; and one German-based criminal domain, FBI Cleveland revealed in a press release this week.

Radar/Dispossessor, operated by a person with the online moniker Brain, first came onto the cybercriminal scene in August 2023 as an operation that published data stolen by the LockBit ransomware gang in an attempt to profit from it, according to researchers at SentinelOne. However, it soon evolved into a full-fledged ransomware gang of its own.
At the time of the FBI bust, the group had developed into an international ransomware gang with a particular focus on small-to-mid-sized businesses (SMBs) and organizations from the production, development, education, healthcare, financial services, and transportation sectors, according to the law enforcement organization.
The FBI conducted its investigation and subsequent takedown of the group's infrastructure in collaboration with the UK's National Crime Agency, the Bamberg Public Prosecutor's Office, the Bavarian State Criminal Police Office (BLKA), and the US Attorney's Office for the Northern District of Ohio.
Radar/Dispossessor originally attacked US organizations but eventually branched out globally; the FBI identified 43 victims from not only the US but also Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the UK, the United Arab Emirates, and Germany.
During its investigation, the FBI identified a multitude of websites associated with Brain and his team, according to the release.
Like many other groups, Radar/Dispossessor used double extortion as its criminal model, exfiltrating organizations' critical data in attacks to hold for ransom in addition to encrypting their computer systems. Its typical attacks included finding vulnerabilities, using weak passwords, and discovering a lack of two-factor authentication (2FA) as an entry point into victim systems. Once initial access was gained, the group escalated privileges to admin status to gain access to files and then deployed ransomware-based encryption from there.
The group was known for being relentless in its pursuit of a ransom payment, according to the FBI. Once a company was attacked, Radar/Dispossessor would then proactively contact company employees either through emails or phone calls, including links to video platforms showing videos of stolen data to turn up the heat, the agency said.
This was always with the aim of increasing the blackmail pressure and increasing the willingness to pay, the FBI said. Radar/Dispossessor then used a separate leak page to set a countdown for public release of the victim data if organizations didn't pay the ransom.
Radar/Dispossessor joins a growing list of cybercriminal operations that have been disrupted significantly or taken out indefinitely by global law enforcement over the last several years, including the notorious ransomware gangs LockBit and ALPHV/BlackCat, as well as hacker forums such as BreachForums and Genesis.
However, most of these groups or forums end up resurfacing in some form or another, whether as a similar unit or allying with their former members in splinter cybercriminal gangs.
Indeed, though the shutdown of cybercriminal infrastructure comes as great news, it would be even better if there were warrants for the arrests of the gang's leaders and if they were identified publicly, common notices that often accompany law-enforcement actions, noted Roger Grimes, data-driven defense evangelist at security awareness training firm KnowBe4. Thus, as ransomware remains a prevalent threat, law-enforcement entities and security experts alike urge organizations to remain vigilant to protect themselves against attacks.
Given that initial entry often includes the abuse of software vulnerabilities and weak passwords, every organization should ensure that it is frequently updating applications to their latest versions and applying any necessary fixes, as well as encouraging strong password hygiene. These basic mitigations and protections are especially important for SMBs, which may not have the budgets to implement more robust and comprehensive protections.
