FBI disrupts the Dispossessor ransomware operation, seizes servers

August 12, 2024 at 05:56PM

The FBI, in a joint international investigation with UK and German law enforcement agencies, seized servers and websites of the Radar/Dispossessor ransomware operation. The operation targeted small to mid-sized businesses globally, breaching networks and deploying ransomware. The FBI has urged past victims to share information and has been targeting various cybercrime activities.

Key Takeaways:

1. The FBI, in collaboration with international law enforcement agencies, successfully seized the servers and websites of the Radar/Dispossessor ransomware operation.

2. The joint operation involved the cooperation of the U.K.’s National Crime Agency, the Bamberg Public Prosecutor’s Office, and the Bavarian State Criminal Police Office (BLKA).

3. A total of three U.S. servers, three U.K. servers, and 18 German servers were seized, along with eight U.S.-based domains and one German-based domain, including radar[.]tld, dispossessor[.]com, cybernewsint[.]com, cybertube[.]video, and dispossessor-cloud[.]com.

4. The Dispossessor ransomware operation, led by threat actor “Brain,” has targeted small to mid-sized businesses globally since August 2023, impacting companies in the U.S., Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany.

5. The FBI identified 43 victims of Dispossessor attacks, with the ransomware gang exploiting vulnerabilities, weak passwords, and the lack of multi-factor authentication to breach networks, steal data, and deploy ransomware.

6. The ransomware group engages in proactive communication with victim companies, contacting them via email or phone call and sharing stolen files on video platforms if the ransom is not paid.

7. Dispossessor also engages in reposting old data stolen during LockBit ransomware attacks and has attempted to sell leaks from other ransomware operations on various breach markets and hacking forums.

8. Since June 2024, the threat actors have utilized the leaked LockBit 3.0 encryptor for their encryption attacks, expanding the scope of their operations.

9. In addition to the Dispossessor operation, law enforcement has targeted various other cybercrime activities, including cryptocurrency scams, malware development, phishing attacks, credential theft, and other ransomware groups such as ALPHV/Blackcat, LockerGoga, MegaCortex, Hive, Dharma, and Ragnar Locker.
