The US, UK, and Germany have taken down the international ransomware group “Radar/Dispossessor,” which is known for attacking sectors such as healthcare and financial services.

The investigation and joint takedown were conducted by the UK’s National Crime Agency, the US Attorney’s Office for the Northern District of Ohio, and Germany’s Bamberg Public Prosecutor’s Office and Bavarian State Criminal Police Office (BLKA).

The internationally-led investigation dismantled three US servers, three UK servers, 18 in Germany, eight US-based criminal domains, and a domain based in Germany.

Radar/Dispossessor began in August last year and targeted a range of small-to-mid-sized businesses.

Sectors that fell victim to the group include production, development, education, healthcare, financial services, and transportation.

Investigators discovered that while the gang initially focused on companies in the US, it had also struck 43 victims from countries including Argentina, Australia, Belgium, Brazil, India, Canada, and more.

The FBI detailed in a statement that Radar Ransomware typically followed a dual-extortion model: exfiltrating victim data to hold for ransom and encrypting systems.

The ransomware gang identified vulnerable computer systems, weak passwords, and a lack of two-factor authentication to isolate and attack victim companies.

Once it gained access, it obtained administrator rights and retrieved files. The ransomware was then used to encrypt companies’ data so they could not access it.

If a company did not contact the gang after an attack, the group would proactively contact other employees through email or phone.

According to the FBI, the emails included links to videos presenting the victims’ stolen files.

The gang would then announce the attack on a separate leak page and set a countdown to publicly release the victim data if no ransom was paid.

The total number of businesses and organisations affected is yet to be determined.
