Global police operation puts a stop to ransomware gang Dispossessor

The FBI and the Bavarian Cybercrime Center, among others, have successfully investigated the cyber criminals behind Dispossessor.

Cubes with letters spell out "CYBERCRIME"; a finger is turning some letters around to make it "CYBERSECURITY".

(Image: Dmitry Demidovich/Shutterstock.com)


Investigators from Germany, England and the USA have succeeded in striking a blow against the people behind the Radar/Dispossessor ransomware. They claim to have paralyzed the IT infrastructure and arrested several people.

According to a press release issued by the Bavarian Cybercrime Center (ZCB) and the Bavarian State Office of Criminal Investigation (BLKA), the strike against international cybercrime was a complete success and demonstrates the importance of global cooperation in such cases.

Radar/Dispossessor is said to have been operating internationally since August 2023, targeting not only medium-sized companies but also the healthcare sector. Victims in Germany are among those affected.

The criminals are said to have used security vulnerabilities and weak passwords as gateways. After a successful attack, they are said to have spread through the network (lateral movement) and, if possible, gained admin rights. The ransomware then encrypted data and the criminals copied internal data. Victims have to pay a ransom to regain access to their data and prevent the internal data from being leaked.

Investigators assume that an attack causes average costs of around 4.5 million euros due to the loss of production and other factors. They state that 17 servers in Germany were confiscated in the course of the operation. The IT infrastructure has since been taken offline. The investigation is still ongoing.

So far, there is no evidence of a decryption tool that would allow victims to access their data again without having to pay a ransom. In the past, security researchers have repeatedly discovered vulnerabilities in encryption and have offered free decryption tools for download.

Victims can check whether decryption tools are already available on the ID Ransomware website. The service currently checks this for around 1150 ransomware strains.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.