Despite significant disruptions by international law enforcement operations targeting major ransomware schemes, cybercriminal groups continue demonstrating remarkable adaptability in 2025.<\/p>\n
Two noteworthy ransomware operations, DragonForce and Anubis, have introduced innovative affiliate models designed to expand their reach and increase profitability in the ever-evolving cybercrime landscape.<\/p>\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgLin2hIZw8I734-uZpnoSIChYBaBPUhMYBl4XwNw6ILK1VX-9IFrjyF9_MABE4qgivbLOD393gStC4_8qYdMMas0vGuz_as7gIjp1jlWOu3juhWLIEGvFHML6We1SohF66zk_TGxYDZjfq_Yi3FlrJRWgUCSZGtvSMpgps7W9yNsX6d3fVmPSc76PXO-U\/s16000\/DragonForce%2520announcement%2520about%2520the%2520shift%2520to%2520a%2520customizable%2520affiliate%2520model%2520%28Source%2520-%2520Secureworks%29.webp?ssl=1\")
DragonForce, which emerged in August 2023 as a traditional ransomware-as-a-service (RaaS) operation, began advertising on underground forums in February 2024.<\/p>\n
By March 2025, their victim count had grown to 136 organizations listed on their leak site.<\/p>\n
The group recently rebranded itself as a \u201ccartel\u201d and announced a shift to a distributed model allowing affiliates to create their own customized \u201cbrands\u201d while leveraging DragonForce\u2019s infrastructure.<\/p>\n
Secureworks Counter Threat Unit (CTU) researchers identified<\/a> that Anubis, another emerging threat, first appeared on underground forums in late February 2025 with a different approach to affiliate recruitment.<\/p>\n Unlike traditional ransomware operations<\/a> focused solely on encryption, Anubis offers three distinct extortion options with varying profit-sharing models, significantly diversifying their attack methodology and potential victim impact.<\/p>\n The ransomware landscape continues to present significant threats to organizations across sectors.<\/p>\n These new affiliate models demonstrate how threat actors adapt their business practices to maintain profitability as victims become more resistant to paying ransoms, potentially leading to more sophisticated and persistent attack campaigns<\/a>.<\/p>\n Anubis distinguishes itself with three distinct operational modes designed to appeal to different types of affiliates.<\/p>\n The first follows the traditional RaaS model involving file encryption, offering affiliates 80% of ransom payments.<\/p>\n The second option, termed \u201cdata ransom,\u201d focuses exclusively on data theft without encryption<\/a>, providing affiliates with 60% of payments.<\/p>\n The third and most innovative approach, \u201caccesses monetization,\u201d assists threat actors in extracting ransoms from victims they\u2019ve already compromised, offering affiliates 50% of collected funds.<\/p>\n The \u201cdata ransom\u201d methodology involves publishing detailed \u201cinvestigative articles\u201d about victims\u2019 sensitive data on password-protected Tor websites.<\/p>\n Victims receive access to review these articles and negotiate payments. Should victims refuse to pay, Anubis escalates pressure through multiple channels, including publishing victim names via X (formerly Twitter) and notifying customers.<\/p>\n Most notably, Anubis threatens to report non-compliant victims to regulatory authorities including the UK Information Commissioner\u2019s Office, U.S. Department of Health and Human Services, and the European Data Protection Board.<\/p>\n This regulatory reporting tactic, while not entirely unprecedented, represents a significant escalation in extortion techniques.<\/p>\n In November 2023, the GOLD BLAZER threat group reported an ALPHV<\/a> (BlackCat) compromise to the U.S. Securities and Exchange Commission after a victim refused payment, demonstrating the growing sophistication of pressure tactics in the ransomware ecosystem.<\/p>\n The post DragonForce and Anubis Ransomware Operators Unveils New Affiliate Models<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZIDccnnwq6b61HvQaFqWBBB_JdCHCHbn7gUrqEtjRZUvfnYqJlnvN2aU-ubuTRPe6IRvGB3_zgqQWJ29wcTobvcS4a5AHCkFhNe_KJKOnUZHjIba84yBJd51TZOApPDy__ih2I8tfJMSIgvyLSSW9wN02VIily-3_0vHeNadiNfuHaUFPp07-aHYnNqY\/s16000\/Advertisement%2520for%2520Anubis%2520accesses%2520monetization%2520service%2520%28Source%2520-%2520Secureworks%29.webp?ssl=1\")
Anubis\u2019s Three-Tiered Extortion Approach<\/strong><\/h2>\n
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!->\u00a0Get Your Free Copy<\/a><\/code><\/strong><\/p>\n