Description
In this blog, Group-IB delves into the inner workings of the DragonForce ransomware group. Discovered in August 2023, DragonForce has been targeting companies in critical sectors using a variant of a leaked LockBit3.0 builder, and more recently in July 2024 with their own variant of ransomware. DragonForce operates a Ransomware-as-a-Service (RaaS) affiliate program utilizing a variant of LockBit3.0, and the other, though initially claimed as original, is based on ContiV3. The group employs double extortion tactics, encrypting data, and threatening leaks unless a ransom is paid.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 27, 2024, 1:43 p.m. | Sept. 27, 2024, 1:43 p.m. | Sept. 27, 2024, 2:11 p.m. |
Attack Patterns
Conti
LockBit
DragonForce
T1078.002
T1543.003
T1059.001
T1547.001
T1078
Additional Informations
Healthcare
Transportation
Manufacturing