Earlier this week, the FBI stated that it had seized the Dispossessor ransomware operation’s servers and websites following a coordinated international investigation with other authorities.
The FBI conducted the joint operation with the National Crime Agency of the United Kingdom, the Bavarian State Criminal Police Office (BLKA), and the Bamberg Public Prosecutor’s Office.
This operation successfully confiscated three servers of the ransomware campaign in the United States and three in the United Kingdom. The confirmed servers taken down during the operation are radar[.]tld, dispossessor[.]com, cybernewsint[.]com (a false news site), cybertube[.]video (a fake video site), and dispossessor-cloud[.]com. These sites are among the 18 German servers, eight domains based in the United States, and one based in Germany.
The Dispossessor ransomware has been targeting medium-sized businesses for almost a year now.
According to reports, the Dispossessor ransomware, headed by a threat actor known as Brain, has targeted small to medium-sized businesses in various industries worldwide since August last year.
This campaign has claimed responsibility for the attacks on dozens of companies in the United States, India, Canada, the United Kingdom, the United Arab Emirates, Germany, and more.
In addition, the FBI explains that the ransomware group infiltrates networks by exploiting vulnerabilities, weak passwords, and accounts on which MFA has not been configured. After gaining access to the victim’s network, the hackers steal data and use ransomware to encrypt the company’s devices.
Once the attackers obtain access to the computers, they acquire admin rights and can readily view device contents. They can also launch ransomware to encrypt targeted data. As a result, infected companies are restricted from accessing their data.
If an attacked company did not communicate with the threat actor, the gang would contact others in the victim’s company via email or phone call. The emails also contained URLs to video platforms where the previously stolen data had been displayed.
The FBI therefore urges previous victims or anyone targeted to provide information about the Dispossessor gang to uncover more details about its entire operation. As of now, the confirmed information on this cybercriminal group is that it previously operated as an extortion gang, reposting outdated material obtained from LockBit ransomware operations, with which it claimed to be affiliated.