Introduction
Dispossessor, active since August 2023, was a data-extortion ransomware-as-a-service group led by the moniker “Brain”. The group quickly expanded from U.S.-focused attacks to target small and mid-sized organizations globally—across sectors like healthcare, finance, transportation, education, and manufacturing. Their tactics included exploiting weak passwords and lack of multifactor authentication to gain access, followed by data exfiltration and staged extortion: victims were contacted via email or phone with links to proof-video platforms, and exposed on Tor-based leak sites if no payment was made. Many of the organizations targeted (approximately 43 identified) were across diverse countries including the U.S., Canada, Brazil, India, Germany, and more. By mid-2024, international law enforcement—including the FBI, UK National Crime Agency, and German agencies—successfully dismantled their infrastructure.
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.