In a recent cyber attack, the DragonForce ransomware group targeted Elite Fitness, a leading fitness equipment retailer in Dunedin, New Zealand. This attack, leveraging locker malware based on the leaked LockBit 3.0 ransomware builder, resulted in the theft of 5.31 gigabytes of sensitive data. Elite Fitness confirmed the breach, noting that it caused a disruption in services and a delay in billing and patient care, impacting a small number of customers and staff.
The ransomware group, which emerged in November 2023, has been active in several high-profile attacks. DragonForce previously compromised Yakult Australia, stealing 95GB of data, and also claimed responsibility for a significant data breach involving Coca-Cola Singapore, where over 400GB of data was stolen. Their most notable attack was against the Ohio Lottery, where they stole 1.5 million records amounting to 90GB of data, affecting around 538,000 individuals.
DragonForce’s ransomware, based on the leaked LockBit 3.0 builder, shows notable similarities in its code structure and functionality to the original ransomware. After encrypting files on a compromised system, the malware renames files with random strings and appends the .AoVOpni2N extension. It also drops a ransom note named AoVOpni2N.README.txt in each directory it accesses.
Despite sharing a name with the Malaysian hacktivist group DragonForce Malaysia, cybersecurity experts have found no evidence linking the ransomware group to the Malaysian hacktivists. The use of the same name could be a deliberate attempt to mislead investigators or simply a coincidence. The DragonForce group continues to pose a significant threat with its sophisticated ransomware attacks.