Global police operation puts a stop to ransomware gang Dispossessor

Investigators from Germany, England and the USA have succeeded in striking a blow against the people behind the blackmail Trojan Radar/Dispossessor. They claim to have paralyzed the IT infrastructure and arrested several people.

Background

According to a press release issued by the Bavarian Cybercrime Center (ZCB) and the Bavarian State Office of Criminal Investigation (BLKA), the strike against international cybercrime was a complete success and demonstrates the importance of global cooperation in such cases.

Radar/Dispossessor is said to have been operating internationally since August 2023, targeting not only medium-sized companies but also the healthcare sector. This also includes victims from Germany.

Course of attacks

The criminals are said to have used security vulnerabilities and weak passwords as gateways. After a successful attack, they are said to have spread through the network (network lateral movement) and, if possible, gained admin rights. The ransomware then encrypted data and the criminals copied internal data. Victims have to pay a ransom to regain access to their data and prevent the internal data from being leaked.

Investigators assume that an attack causes average costs of around 4.5 million euros due to the loss of production and other factors. They state that 17 servers in Germany were confiscated in the course of the operation. The IT infrastructure has since been taken offline. The investigation is still ongoing.

So far, there is no evidence of a decryption tool that would allow victims to access their data again without having to pay a ransom. In the past, security researchers have repeatedly discovered vulnerabilities in encryption and have offered free decryption tools for download.

Victims can check whether decryption tools are already available on the ID Ransomware website. The service is currently checking this for around 1150 blackmail Trojans.

(des)