DragonForce Ransomware Group is Targeting Saudi Arabia
Feb. 28, 2025, 9:55 a.m.
Description
DragonForce ransomware has targeted organizations in Saudi Arabia, with a significant data leak from a Riyadh real estate and construction company. The group exfiltrated over 6 TB of data, setting a deadline just before Ramadan. DragonForce operates on a RaaS model, offering high commission rates for affiliates and supporting various platforms. They use advanced techniques, including a customized CAPTCHA filter and encrypted communications. The group's builder offers flexibility in payload configuration, and they leverage legitimate tools for file transfers. DragonForce employs a dual extortion strategy and has been observed using specific CVEs for network infiltration. The targeting of Saudi Arabia raises concerns about critical infrastructure security in the region.
Tags
Date
- Created: Feb. 27, 2025, 7:28 p.m.
- Published: Feb. 27, 2025, 7:28 p.m.
- Modified: Feb. 28, 2025, 9:55 a.m.
Indicators
Attack Patterns
- DragonForce
- T1486
- T1070
- T1082
- T1083
- T1204
- T1140
- T1560
- T1562
- T1190
- T1090
Additional Information
- Real Estate
- Construction
- Saudi Arabia