
Inside the Dragon: DragonForce Ransomware Group

Sept. 27, 2024, 2:11 p.m.

Description

In this blog, Group-IB delves into the inner workings of the DragonForce ransomware group. Discovered in August 2023, DragonForce has been targeting companies in critical sectors using a variant of a leaked LockBit3.0 builder and, more recently in July 2024, its own variant of ransomware. DragonForce operates a Ransomware-as-a-Service (RaaS) affiliate program with two ransomware variants: one is a variant of LockBit3.0, and the other, though initially claimed as original, is based on ContiV3. The group employs double extortion tactics, encrypting data and threatening to leak it unless a ransom is paid.

Date

Published: Sept. 27, 2024, 1:43 p.m.

Created: Sept. 27, 2024, 1:43 p.m.

Modified: Sept. 27, 2024, 2:11 p.m.

Indicators


Attack Patterns

Conti

Lockbit

DragonForce

T1078.002

T1543.003

T1059.001

T1547.001

T1078

Additional Information

Healthcare

Transportation

Manufacturing