DragonForce Uses Modified Ransomware Tools

September 25, 2024

The cybercriminal group DragonForce has been launching attacks across industries worldwide, targeting sectors such as manufacturing, real estate, and transportation. According to researchers from Group-IB, DragonForce has been using modified versions of two infamous ransomware variants: LockBit and Conti. The malware used by DragonForce is based on leaked ransomware builders, allowing the group to tailor these tools to their specific needs. LockBit, Conti, and other ransomware families like Babuk are commonly reused and adapted by modern ransomware operators, reflecting a growing trend of cybercriminals leveraging existing ransomware frameworks for new attacks.

DragonForce operates as a ransomware-as-a-service group, selecting affiliates who are experienced in carrying out high-value cyberattacks. These affiliates are offered 80% of the ransom payments in exchange for executing attacks using the group’s customized tools. They are also given the flexibility to adjust various aspects of the ransomware, such as encryption parameters and ransom notes, to suit the target. This approach has allowed DragonForce to scale its operations, making it a significant threat to various organizations globally.

In addition to the ransomware itself, DragonForce employs a double extortion strategy: it not only encrypts a victim’s data but also exfiltrates sensitive information and threatens to make it public. This tactic puts considerable pressure on victims, who face the risk of reputational damage, financial loss, and compromised business continuity if the stolen data is leaked. This combination of encryption and data theft is a key element of DragonForce’s attack methodology, amplifying the urgency for victims to pay the ransom to prevent further damage.

Over the past year, Group-IB has tracked DragonForce’s attacks on 82 victims, primarily in the U.S., U.K., and Australia. Some of the group’s notable past targets include Yakult Australia, the Ohio Lottery, and the government of Palau. While Group-IB has not attributed the attacks to any specific country or individuals, there have been previous hints suggesting that DragonForce could be based in Malaysia. The group’s use of sophisticated tools, including the SystemBC backdoor, Mimikatz, and Cobalt Strike, underscores its formidable capabilities in targeting key industries and carrying out complex cyberattacks.

 

Reference:

  • Inside the Dragon: DragonForce Ransomware Group
