1. Forum
  2. Fidonet
  3. CONSPRCY

  • DragonForce ransomware gr

    From Mike Powell@1:2320/105 to All on Tue Apr 29 09:35:00 2025
    DragonForce ransomware group evolves new cartel business model

    Date:
    Mon, 28 Apr 2025 17:16:00 +0000

    Description:
    Attackers are now able to buy their ransomware and rebrand it, avoiding all
    the infrastructure logistics that go with it.

    FULL STORY

    Inspired by drug gangs, ransomware group DragonForce is bringing a new
    business model to the ransomware scene, and it involves cooperating with
    other ransomware gangs.

    DragonForce has now been observed offering a white-label affiliate model, allowing others to use their infrastructure and malware while branding
    attacks under their own name.

    With this model, affiliates won't need to manage the infrastructure and DragonForce will take care of negotitation sites, malware develpoment and
    data leak sites.

    DragonForce evolves the ransomware scene with a new business model

    "Advertised features include administration and client panels, encryption and ransom negotiation tools, a file storage system, a Tor-based leak site and .onion domain, and support services," cybersecurity researchers from Secureworks explained.

    Secureworks explained that, in a March 2025 underground post, DragonForce rebranded itself as a "cartel," announcing a shift to a distributed model. DragonForce first appeared in August 2023.

    Anubis, a much newer ransomware group that's been operating since December 2024, has also launched its own affiliate scheme, including a traditional ransomware-as-a-service product that nets affiliates 80% of their ransoms.

    Much like artificial intelligence has already democratized access to coding, these models are further extending access to ransomware, meaning that less technical threat actors can target victims. The flexibility and reduced operational burdens are also key selling points.

    The exact number of affiliates using these schemes is virtually untraceable, however Bleeping Computer has reported that RansomBay has already joined DragonForce's scheme.

    "Cybercriminals are motivated by financial gain, so they are adopting innovative models and aggressive pressure tactics to shift the trend in their favor," Secureworks added.

    The usual principles apply when it comes to protecting yourself from any type of ransomware regularly patching internet-facing devices, implementing phishing-resistant multi-factor authentication (MFA), maintaining robust backups and monitoring networks for malicious activity are all important
    steps to take.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/dragonforce-ransomware-group-evolves-ne w-cartel-business-model

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)