Skip to main content

Operator dossier

Dispossessor is a ransomware operator no longer publishing new disclosures. Darkfield has indexed 344 public victims claimed by this operator between April 19, 2024 and August 11, 2024. Dispossessor is a recently emerged ransomware group that began operations in April 2024, primarily motivated by financial gain through extortion campaigns targeting organizations across multiple sectors. The group's country of origin and potential affiliations with other ransomware operations remain unclear based on publicly available intelligence, and there is insufficient documented evidence to confirm whether they operate as a Ransomware-as-a-Service model or as an independent entity. Given the group's recent emergence, detailed technical analysis of their attack methodology, specific initial access vectors, encryption techniques, and data exfiltration practices have not been extensively documented by major cybersecurity firms or law enforcement agencies, though their targeting patterns suggest they employ typical ransomware deployment strategies against business services, healthcare, technology, financial services, and manufacturing sectors. The group has reportedly compromised 344 victims since their emergence, with primary targeting focus on organizations in the United States, Canada, France, the United Kingdom, and India, indicating a preference for English-speaking and Western European targets. As of current reporting, Dispossessor appears to remain active with no documented law enforcement disruption actions or confirmed rebranding activities, though the limited timeframe since their emergence in April 2024 means their operational longevity and persistence remain to be determined.

Most-targeted sectors

Most-affected countries

Recent disclosures by Dispossessor

Most recent 150 of 344 indexed disclosures. Click any row for the full per-victim dossier.

See every disclosure indexed for Dispossessor

How we know this. Operator profiles on Darkfield are built from continuous monitoring of every leak site the group is known to operate, cross-correlated with community-curated feeds (RansomLook, ransomware.live, RansomWatch, MISP-galaxy). Status flips from active to inactive when no new disclosure appears for 60 days. MITRE ATT&CK mappings shown in the interactive section below are sourced from CISA, vendor analysis, and the MITRE community catalog — we attribute each technique back to its source. Aliases reflect operator re-brands and affiliate splits.

Inactive ransomware operator

All groups

Dispossessor

344 victims indexed · first seen 2 years ago · last activity 2 years ago

344
Victims indexed
#26 of 364 tracked operators
4m
Active period
Apr 2024 → Aug 2024
10
Countries hit
top United States · 66

At a glance

Status
inactive
First seen
2 years ago
Last activity
2 years ago
Onion sites
5 known endpoints
Primary sector
Business Services · 82 hits

About

Dispossessor is a recently emerged ransomware group that began operations in April 2024, primarily motivated by financial gain through extortion campaigns targeting organizations across multiple sectors. The group's country of origin and potential affiliations with other ransomware operations remain unclear based on publicly available intelligence, and there is insufficient documented evidence to confirm whether they operate as a Ransomware-as-a-Service model or as an independent entity. Given the group's recent emergence, detailed technical analysis of their attack methodology, specific initial access vectors, encryption techniques, and data exfiltration practices have not been extensively documented by major cybersecurity firms or law enforcement agencies, though their targeting patterns suggest they employ typical ransomware deployment strategies against business services, healthcare, technology, financial services, and manufacturing sectors. The group has reportedly compromised 344 victims since their emergence, with primary targeting focus on organizations in the United States, Canada, France, the United Kingdom, and India, indicating a preference for English-speaking and Western European targets. As of current reporting, Dispossessor appears to remain active with no documented law enforcement disruption actions or confirmed rebranding activities, though the limited timeframe since their emergence in April 2024 means their operational longevity and persistence remain to be determined.

References

5 links

External sources curated by the MISP threat-intel community.

Timeline

4 months
2024-04-01T00:00:00+00:00 · 3272024-05-01T00:00:00+00:00 · 22024-07-01T00:00:00+00:00 · 82024-08-01T00:00:00+00:00 · 7
2024-04-01T00:00:00+00:002024-08-01T00:00:00+00:00

Top countries

🇺🇸 United States
66
🇨🇦 Canada
11
🇫🇷 France
6
🇮🇳 India
4
🇬🇧 United Kingdom
4
🇹🇼 Taiwan
3
🇶🇦 Qatar
2
Namibia
1

Top sectors

Business Services
82
Healthcare
55
Technology
44
Financial
38
Manufacturing
32
Government
24
Hospitality and Tourism
12
Agriculture and Food Production
11

MITRE ATT&CK

5 techniques · 4 tactics

Tactics

Initial AccessExecutionDefense EvasionImpact

Techniques

  • T1566Phishing
  • T1190Exploit Public-Facing Application
  • T1204User Execution
  • T1027Obfuscated Files or Information
  • T1486Data Encrypted for Impact

Recent victims

Loading…

Onion infrastructure

5 known
  • http://disposessor.com
  • http://e27z5kd2rjsern2gpgukhcioysqlfquxgf7rxpvcwepxl4lfc736piyd.onion
  • http://e27z5kd2rjsern2gpgukhcioysqlfquxgf7rxpvcwepxl4lfc736piyd.onion/
  • http://e27z5kd2rjsern2gpgukhcioysqlfquxgf7rxpvcwepxl4lfc736piyd.onion/back/getallblogs?search=&page=1
  • http://radar.ltd

Source

Updated 2 years ago

Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.

Get alerted the next time Dispossessor posts a victim.

Add Dispossessor to your watchlist — Pro pings you within 5 minutes of any new Dispossessor leak-site post, Telegram callout, or affiliate-rebrand inference.