FBI claims success in taking down another major ransomware group

A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."

(Image credit: Getty Images)

The FBI has announced taking down the infrastructure belonging to a notorious ransomware operation known as Radar (AKA Dispossessor).

Even though the group doesn’t enjoy the same level of fame as the likes of LockBit or Black Basta, Radar was still a fairly formidable organization - the FBI’s announcement claimed it had hit 43 victim organizations located all over the world, including the US, UK, Germany, and many others.

As a result of the FBI’s operation, the organization took down Radar’s website, and seized a number of servers. The website now features an FBI message stating “This website has been seized”. In total, three servers in the US, three in the UK, and 18 in Germany, were confiscated. Furthermore, the FBI took eight “criminal domains” in the US, and one in Germany.

Exploiting flaws

Radar’s modus operandi does not differ much from what we’re used to in the ransomware scene.

The group, operated by a ringleader named “Brain”, employs the double-extortion tactic, by first stealing sensitive information from the victim organization, and then deploying the encryptor which renders the entire IT infrastructure useless. It then demands a ransom payment, usually in bitcoin or Monero, in exchange for the decryption key.

If the company refuses, and instead reloads its systems from a backup, it will threaten to release the stolen files online. From time to time, the group would also reach out to its victims via phone, it was said.

To access their target’s systems, Radar looks for vulnerabilities, weak passwords, and a lack of multi-factor authentication (MFA), the FBI confirmed.

This is not the first time law enforcement has recently seized IT infrastructure belonging to ransomware operations, as a few months ago, police hit the LockBit cybercrime gang.

While commendable, it will probably make little difference in the long run, as without any arrests, the perpetrators can just rebuild and continue their operations.

More from TechRadar Pro

Cyber attacks against key US infrastructure continue, but this time its China
Here's a list of the best malware removal tools around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.