DragonForce Cartel Emerges From the Leaked Source Code of Conti v3 Ransomware

Source: Cyber Security News

DragonForce, initially reliant on LockBit 3.0 for encryptors, transitioned to a customized Conti v3 codebase, marking a significant evolution into a ransomware cartel by early 2025. This transformation allows affiliates to leverage an extensive infrastructure, facilitating rapid recruitment and deployment of ransomware payloads. DragonForce provides comprehensive resources, including automated systems and 24/7 monitoring, supporting various platforms like Windows and Linux.

The cartel’s attack methods are demonstrated through its partnership with Scattered Spider, which specializes in social engineering. After employee credentials are compromised via phishing attacks, DragonForce employs techniques such as remote monitoring implementations and targeted reconnaissance to maximize encryption success. Its malware uses encryption mechanisms including ChaCha20, and the group has reinforced its security practices in response to vulnerabilities discovered in other ransomware like Akira.

As of late 2023, DragonForce has attacked over 200 victims across sectors like retail and insurance. The collaboration with Scattered Spider in notable incidents, such as the Marks & Spencer attack, underscores the operational effectiveness of this emerging cartel structure in the ransomware landscape.
