Inside the Dragon: DragonForce Ransomware Group

In this blog, Group-IB delves into the inner workings of the DragonForce ransomware group. Discovered in August 2023, DragonForce has been targeting companies in critical sectors using a variant of a leaked LockBit3.0 builder, and more recently in July 2024 with their own variant of ransomware. DragonForce operates a Ransomware-as-a-Service (RaaS) affiliate program utilizing a variant of LockBit3.0, and the other, though initially claimed as original, is based on ContiV3. The group employs double extortion tactics, encrypting data, and threatening leaks unless a ransom is paid. Author: AlienVault

Related Tags:
DragonForce

T1078.002

T1547.001

T1543.003

conti

LockBit

T1059.001

Transportation

T1078

Associated Indicators:
A50637F5F7A3E462135C0AE7C7AF0D91

97B70E89B5313612A9E7A339EE82AB67

C111476F7B394776B515249ECB6B20E6