DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists

May 5, 2025, 7:39 p.m.

Description

The DragonForce ransomware group, initially a pro-Palestine hacktivist operation, has evolved into a profit-driven extortion enterprise targeting UK retailers and various global entities. Emerging in August 2023, the group now employs a multi-extortion model, threatening data leaks and reputational damage. Their tactics include phishing, vulnerability exploitation, and credential stuffing for initial access. DragonForce has developed its own ransomware based on leaked LockBit and Conti code, offering customizable payloads for different platforms. Recently, they introduced a 'white-label' service allowing affiliates to disguise attacks under different brands. The group's expansion and self-branding as a 'Ransomware Cartel' indicate a strategic move to elevate their status in the cybercrime landscape.

Date

  • Created: May 3, 2025, 3:28 p.m.
  • Published: May 3, 2025, 3:28 p.m.
  • Modified: May 5, 2025, 7:39 p.m.

Attack Patterns

Additional Informations

  • Retail
  • British Indian Ocean Territory
  • India
  • Saudi Arabia
  • Malaysia
  • United Kingdom of Great Britain and Northern Ireland
  • Israel