All news with #dragonforce tag

🔍 DragonForce is a ransomware-as-a-service group that re-emerged in 2023 and has rebranded as a self-described "ransomware cartel," recruiting affiliates with generous revenue shares and customizable encryptors. Recent variants exploit vulnerable drivers like truesight.sys and rentdrv2.sys to disable security controls and shore up earlier encryption flaws. Its partnership with Scattered Spider combines elite social-engineering initial access with deployable ransomware, elevating risk to organizations globally.

🔴 A seasonal surge and new alliances between ransomware groups drove a 41% month-on-month jump in attacks from September to October, NCC Group reports. Qilin was the most active actor, blamed for 170 of 594 incidents (29%), followed by Sinobi and Akira. The rise coincides with LockBit 5.0 realigning with DragonForce and Qilin, and the emergence of newcomers such as The Gentlemen. Organisations are urged to reinforce monitoring, staff awareness, and secure backups ahead of the peak threat season.

🛡️DragonForce, a ransomware operation built from leaked Conti source code, has restructured into a self-styled cartel that recruits affiliates and encourages branded variants. Researchers at Acronis report it retains Conti’s ChaCha20/RSA encryption, SMB-based network spreading, and multiple encryption modes while employing a hidden configuration system. Operators have pursued aggressive tactics — including defacing rival leak sites and aligning with access brokers like Scattered Spider — and have threatened victims with decryptor deletion and data leaks.

🚨 Three major ransomware-as-a-service operators — LockBit, DragonForce, and Qilin — announced a coalition in early September aimed at coordinating attacks and stabilizing market conditions after recent law enforcement disruptions. The groups signaled intentions to reduce intra-group conflicts, share resources, and protect affiliate revenue, and LockBit explicitly authorized targeting certain critical infrastructure sectors. ReliaQuest researchers reviewed forum posts and communications but have not yet observed joint operations or a combined leak site.

🔒 Three major ransomware groups — LockBit, Qilin, and DragonForce — have announced a strategic alliance aimed at sharing techniques, infrastructure, affiliates, and operational resources to amplify extortion campaigns worldwide. The announcement follows LockBit's resurgence and the unveiling of LockBit 5.0, which is advertised to target Windows, Linux, and ESXi systems. Security firms warn the partnership could rebuild affiliate trust, increase attacks on critical infrastructure and diversify threats across multiple industry sectors.