DragonForce, a ransomware group first identified in fall 2023, has claimed over 120 victims in the past year, marking its rapid ascent as a formidable player in the ransomware ecosystem.
Initially operating under a Ransomware-as-a-Service (RaaS) model, DragonForce has since pivoted to a ransomware cartel structure, as announced in March 2025 on its data leak site.
This strategic shift, coupled with its expanding affiliate network and tactical partnerships, positions DragonForce as a critical threat to watch in 2025.
A Rising Threat in the Ransomware Ecosystem
The group has targeted organizations across various industries, including manufacturing, construction, technology, healthcare, and retail, in countries such as the United States, Italy, and Australia.
Their encryptors target Windows, Linux, and ESXi environments, demonstrating a versatile and sophisticated attack arsenal.

DragonForce's operational tactics reveal a calculated approach to maximize impact and influence.
The group has shown adaptability by evolving its ransomware variants, initially mirroring traits of LockBit 3.0 in late 2023 and adopting a Conti variant by mid-2024 under its RaaS model.
Their attack methodology includes exploiting vulnerabilities such as CVE-2024-21412, CVE-2024-21887, and CVE-2024-21893 for initial access, alongside phishing and credential stuffing.
Operational Tactics
Post-access, DragonForce employs techniques like Living Off the Land (LotL), using legitimate tools such as Schtasks.exe and Taskkill.exe for persistence, while leveraging Remote Monitoring and Management (RMM) tools like SimpleHelp for lateral movement within networks.

Their ransomware appends the “.dragonforce_encrypted” extension to compromised files and issues detailed ransom notes demanding payments ranging from hundreds of thousands to millions of dollars, tailored through meticulous research of victims' revenue.
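For defenders, the behaviours named above (Schtasks.exe and Taskkill.exe activity followed by files gaining the “.dragonforce_encrypted” extension) can be correlated per host. The following is an added example, not code from the article or from Bitdefender; the pipe-delimited log format, the 30-minute window, the three-file threshold and all sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXT = ".dragonforce_encrypted"   # extension named in the article
WINDOW = timedelta(minutes=30)   # assumed correlation window
MIN_FILES = 3                    # assumed burst threshold
# Constructed sample telemetry, format assumed: time|host|kind|detail
SAMPLE = r"""
2025-05-01T02:10:00|FS01|proc|C:\Windows\System32\schtasks.exe /create /tn upd /sc onstart /tr C:\ProgramData\svc.exe
2025-05-01T02:14:00|FS01|proc|C:\Windows\System32\taskkill.exe /f /im sqlservr.exe
2025-05-01T02:15:10|FS01|file|D:\share\q1.xlsx.dragonforce_encrypted
2025-05-01T02:15:11|FS01|file|D:\share\q2.xlsx.dragonforce_encrypted
2025-05-01T02:15:12|FS01|file|D:\share\hr.docx.DragonForce_Encrypted
2025-05-01T09:00:00|WS07|proc|C:\Windows\System32\schtasks.exe /query
malformed line without fields
"""

def parse(text):
    """Yield (time, host, kind, detail); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) == 4:
            try:
                yield (datetime.fromisoformat(parts[0]), *parts[1:])
            except ValueError:
                continue

def detect(text):
    """Flag hosts with MIN_FILES encrypted-file events inside one WINDOW."""
    procs, files = defaultdict(list), defaultdict(list)
    for ts, host, kind, detail in parse(text):
        low = detail.lower()
        if kind == "file" and low.endswith(EXT):
            files[host].append(ts)
        elif kind == "proc":
            exe = (low.split() or [""])[0].rsplit("\\", 1)[-1]
            # Task creation and process kills count; a bare /query is noise.
            if exe == "taskkill.exe" or (exe == "schtasks.exe" and "/create" in low):
                procs[host].append((ts, exe))
    findings = {}
    for host, stamps in files.items():
        stamps.sort()
        burst = any(stamps[i + MIN_FILES - 1] - stamps[i] <= WINDOW
                    for i in range(len(stamps) - MIN_FILES + 1))
        if burst:
            tools = sorted({exe for ts, exe in procs[host]
                            if stamps[0] - WINDOW <= ts <= stamps[0]})
            findings[host] = {"files": len(stamps), "first_seen": stamps[0],
                              "preceding_tools": tools}
    return findings
```

Because Schtasks.exe and Taskkill.exe are routine administrative tools, the example only reports them as context for a host that already shows the encryption burst, rather than alerting on them alone.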
A notable instance involved a $7 million ransom demand in 2024, underscoring their financial motivations over geopolitical agendas, distinguishing them from hacktivist groups despite historical associations with a Malaysian entity of the same name.
Further amplifying their threat profile, DragonForce maintains a data leak site featuring the DragonNews blog, where stolen data details and publication deadlines are posted to pressure victims.
According to a Bitdefender report, their strategic collaborations or coerced partnerships include interactions with groups like RansomHub and Scattered Spider, often using social engineering for initial access.
Intriguingly, DragonForce has been linked to the takedown of competitors like RansomHub and LockBit, with actions such as defacing rival data leak sites and leaving mocking messages on compromised infrastructure, hinting at a broader goal of dominance within the ransomware sphere.
By offering affiliates 80% of the income and comprehensive infrastructure support, including automation, petabyte-scale storage, and advanced encryption for multiple platforms, DragonForce not only attracts partners but also exerts control, potentially terminating services to non-aligned actors.
This blend of technical prowess and strategic aggression suggests a nuanced agenda of power consolidation over mere financial gain, especially amid speculation of Russian-aligned interests and infrastructure ties.
As DragonForce continues to refine its encryption methods, drawing from public decryptor insights like Akira's GPU cluster techniques, the cybersecurity community braces for escalated challenges in mitigating this evolving threat.
Indicators of Compromise (IOCs)