In this blog, Group-IB delves into the inner workings of the DragonForce ransomware group. Discovered in August 2023, DragonForce has been targeting companies in critical sectors using a variant of a leaked LockBit3.0 builder and, more recently, in July 2024, its own variant of ransomware. DragonForce operates a Ransomware-as-a-Service (RaaS) affiliate program with two ransomware variants: one is a variant of LockBit3.0, and the other, though initially claimed as original, is based on ContiV3. The group employs double extortion tactics, encrypting data and threatening leaks unless a ransom is paid.
Author: AlienVault
Related Tags:
DragonForce
T1078.002
T1547.001
T1543.003
conti
LockBit
T1059.001
Transportation
T1078
Associated Indicators:
A50637F5F7A3E462135C0AE7C7AF0D91
97B70E89B5313612A9E7A339EE82AB67
C111476F7B394776B515249ECB6B20E6