Subj : DragonForce ransomware gr
To   : All
From : Mike Powell
Date : Tue Apr 29 2025 09:35 am

DragonForce ransomware group evolves new cartel business model

Date:
Mon, 28 Apr 2025 17:16:00 +0000

Description:
Attackers are now able to buy their ransomware and rebrand it, avoiding all
the infrastructure logistics that go with it.

FULL STORY

Inspired by drug gangs, ransomware group DragonForce is bringing a new
business model to the ransomware scene, and it involves cooperating with
other ransomware gangs.

DragonForce has now been observed offering a white-label affiliate model,
allowing others to use their infrastructure and malware while branding
attacks under their own name.

With this model, affiliates won't need to manage the infrastructure and
DragonForce will take care of negotitation sites, malware develpoment and
data leak sites.

DragonForce evolves the ransomware scene with a new business model

"Advertised features include administration and client panels, encryption and
ransom negotiation tools, a file storage system, a Tor-based leak site and
.onion domain, and support services," cybersecurity researchers from
Secureworks explained.

Secureworks explained that, in a March 2025 underground post, DragonForce
rebranded itself as a "cartel," announcing a shift to a distributed model.
DragonForce first appeared in August 2023.

Anubis, a much newer ransomware group that's been operating since December
2024, has also launched its own affiliate scheme, including a traditional
ransomware-as-a-service product that nets affiliates 80% of their ransoms.

Much like artificial intelligence has already democratized access to coding,
these models are further extending access to ransomware, meaning that less
technical threat actors can target victims. The flexibility and reduced
operational burdens are also key selling points.

The exact number of affiliates using these schemes is virtually untraceable,
however Bleeping Computer has reported that RansomBay has already joined
DragonForce's scheme.

"Cybercriminals are motivated by financial gain, so they are adopting
innovative models and aggressive pressure tactics to shift the trend in their
favor," Secureworks added.

The usual principles apply when it comes to protecting yourself from any type
of ransomware  regularly patching internet-facing devices, implementing
phishing-resistant multi-factor authentication (MFA), maintaining robust
backups and monitoring networks for malicious activity are all important
steps to take.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/dragonforce-ransomware-group-evolves-ne
w-cartel-business-model

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from vert.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.