DragonForce, a sophisticated ransomware operation that emerged in fall 2023, has established itself as a formidable threat in the cybercriminal landscape by claiming over 120 victims across the past year.<\/p>\n
Unlike traditional ransomware-as-a-service models, this threat actor has evolved into what security experts term a \u201cransomware cartel,\u201d fundamentally changing how cybercriminal operations are structured and executed.<\/p>\n
The group has demonstrated remarkable adaptability, initially operating with ransomware<\/a> that shared characteristics with LockBit 3.0 before transitioning to a Conti variant during summer 2024.<\/p>\n DragonForce has strategically targeted organizations across diverse sectors including manufacturing, construction, technology, healthcare, and retail, with victims spanning the United States, Italy, and Australia.<\/p>\n Their ransom demands reflect sophisticated victim research, ranging from hundreds of thousands to millions of dollars, with one documented case demanding $7 million from a compromised organization.<\/p>\n Bitdefender researchers identified<\/a> DragonForce\u2019s unique operational model, which distinguishes it from conventional ransomware groups through its cartel-like structure and infrastructure provision services.<\/p>\n The group offers affiliates an unprecedented 80% profit share while providing comprehensive operational support including blog management, file servers, admin panels, 24\/7 monitoring, and petabytes of storage capacity.<\/p>\n This approach allows DragonForce<\/a> to maintain control over allied groups\u2019 resources while eliminating potential competitors.<\/p>\n The threat actor has demonstrated concerning geopolitical connections, utilizing Russian-linked infrastructure and facing accusations from RansomHub members of associating with the FSB.<\/p>\n Their operational sophistication extends to their data leak site, which features victim listings, stolen data previews, and countdown timers for publication deadlines.<\/p>\n Recent activities suggest DragonForce may be consolidating power within the ransomware ecosystem, potentially compromising rival groups including LockBit<\/a>.<\/p>\n DragonForce employs sophisticated technical mechanisms that enable persistent access and comprehensive system compromise.<\/p>\n The group exploits multiple critical vulnerabilities including CVE-2024-21412, CVE-2024-21887, and CVE-2024-21893 to establish initial footholds in target networks.<\/p>\n Their persistence strategy heavily relies on Living Off the Land techniques, leveraging legitimate executables such as Schtasks.exe and Taskkill.exe to maintain access while avoiding detection.<\/p>\n The ransomware\u2019s encryption capabilities span multiple platforms with specialized variants for Windows, Linux, ESXi, BSD, and NAS systems.<\/p>\n Their encryptors support various encryption modes including band-pass, percentage, header, and normal encryption, with multithreading capabilities for enhanced performance.<\/p>\n Upon successful execution, the malware<\/a> appends .dragonforce_encrypted extensions to compromised files.<\/p>\n The group has incorporated lessons from previous ransomware operations, particularly regarding GPU cluster decryption methods, to strengthen their encryption algorithms and file recovery prevention mechanisms across different operating systems.<\/p>\n Speed up and enrich threat investigations with Threat Intelligence Lookup! ->\u00a050 trial search requests<\/strong><\/a><\/strong><\/p>\n The post DragonForce Ransomware Claimed To Compromise Over 120 Victims in The Past Year<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMeQSjBZ7ns_-HHzq33Tl9FOFWipuy-XMidSx06brQwIOKIi2z016xn_IwKoLquQLpeUYeVO-oiAyoRfY7HSo-Tqm9UsBrmmRjj1KqinzH7XimkmL1FybGi229syWnVie9zzWoSaF01-3knOkNRMtqCbo0T4FbVHVmfrdMEbLJvauYY7K0Y8HYvDtQk2U\/s16000\/DragonForce%2520banner%2520%28Source%2520-%2520Bitdefender%29.webp?ssl=1\")
Advanced Evasion and Encryption Capabilities<\/strong><\/h2>\n