On August 12th, FBI Cleveland announced that they had successfully taken down the Dispossessor ransomware group. They seized three servers located in the US, three in the UK, 18 in Germany, and nine domains connected to the group. After the seizure, it was revealed that the group is led by someone using the moniker "Brain." Ransomware monitoring services say that the group has attacked 344 companies.
Dispossessor, also known as Radar, came onto the scene in August of 2023. They targeted small to medium-sized corporations. They follow the dual-extortion model in which they exfiltrate valuable data to hold for ransom as well as encrypt the victim's environment.
How did they start?
As I stated before, they first emerged onto the scene in August of last year (2023). They first started to gain traction in December of 2023 on BreachForums under the user "DISPOSSESSOR".
Their first post was on December 21st, 2023, when they were looking to purchase USA and Canada logs. Dispossessor strikes me as very unprofessional; asking for help on BreachForums seems to be a recurring theme for them.
Dispossessor had a second account on the forum, "RADAR". Same rhetoric again with this account. They don't strike me as a very structured group.
Fake Victims
If you take a look at their leak site using the Wayback Machine or a ransomware monitoring service, their leaks start to look suspicious. They were reposting victims from other groups like LockBit and Cl0p.
X user @ransomfeednews has this to say about Dispossessor: "In light of everything, from our point of view it is not ransomware, but a group of scoundrels trying to monetize (on nothing) using the claims of other groups."
Thank you to @riddle on X for helping me with this post.