CLEVELAND (WJW) — The Federal Bureau of Investigation’s Cleveland office on Monday announced the disruption of a criminal ransomware group which operated using servers and domains in the U.S. and two other countries.
The group Radar/Dispossessor, formed in August 2023, used ransomware in attacks against at least 43 small to mid-sized businesses in 13 countries, according to a Monday news release from the FBI.
Ransomware is malicious software that essentially locks up and holds computer systems hostage until the victim pays a ransom.
The group’s ransomware used a “dual-extortion model,” according to the FBI. It not only encrypted the victims’ data but also copied then removed it from their systems, allowing the group to “re-victimize” their targets by threatening to destroy the data or leak it to the public.
The group identified vulnerable computer systems with weak passwords or a lack of two-factor authentication — a safety measure which requires a second method of login verification like a text message or email.
They would then call or email company employees and send them links to videos presenting their stolen data “with the aim of increasing the blackmail pressure and increasing the willingness to pay,” reads the release.
They then showed the victims a website that would leak their data, demanding ransom payment before its countdown expired.
The group’s leader goes by the online name “Brain,” according to the release.
The group’s network, now dismantled by the FBI, included three servers in the U.S., three in the U.K. and 18 in Germany, as well as eight criminal domains based in the U.S. and one in Germany, according to the release.
Federal agents worked alongside Northern Ohio’s U.S. Attorney’s Office, the National Crime Agency and Bavarian authorities in the takedown, according to the release.
The group’s ransomware has many variants, so it’s still unknown just how many businesses or organizations have been affected by it, according to the release.
Anyone with information about Radar Ransomware or the group’s leader “Brain,” or whose business or organization has been targeted by ransomware or is currently paying a ransom to an online extortionist, is urged to contact the FBI’s Internet Crime Complaint Center by visiting ic3.gov or calling 1-800-CALL-FBI (1-800-225-5324).