Expropriator ransomware group shut down by US and European authorities

BERLIN (Reuters) – The global cybercrime group Radar/Dispossessor that targeted at least dozens of companies in the healthcare and transportation sectors has been dismantled, U.S. and German authorities said on Tuesday.

Founded in August 2023 and led by the online brand “Brain”, the group targeted small and medium-sized businesses, initially focusing on the US and then expanding globally

The investigation revealed that 43 companies from countries including Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates and Germany were victims.

The group’s representatives say it is very likely that a large number of companies that are not yet known to authorities have also been affected. They added that in the US, the group’s attacks have also affected hospitals.

Vulnerable computer systems, weak passwords and a lack of two-factor authentication provided a backdoor to the company’s IT systems, where data could be held for ransom, they said.

Authorities said the group’s servers and domains in Germany, the US and the UK had been dismantled.

According to German authorities, twelve suspects have been identified, coming from Germany, Ukraine, Russia, Kenya, Serbia, Lithuania and the United Arab Emirates.

They added that they are now focusing on identifying additional suspects and obtaining information about other companies that have been attacked.

(Reporting by Hans Busemann and Miranda Murray, editing by Rachel More)