Inside the Dragon: DragonForce Ransomware Group

Sept. 27, 2024, 2:11 p.m.

Description

In this blog, Group-IB delves into the inner workings of the DragonForce ransomware group. Discovered in August 2023, DragonForce has been targeting companies in critical sectors using a variant of a leaked LockBit3.0 builder, and more recently in July 2024 with their own variant of ransomware. DragonForce operates a Ransomware-as-a-Service (RaaS) affiliate program utilizing a variant of LockBit3.0, and the other, though initially claimed as original, is based on ContiV3. The group employs double extortion tactics, encrypting data, and threatening leaks unless a ransom is paid.

External References

https://www.group-ib.com/blog/dragonforce-ransomware/
https://otx.alienvault.com/pulse/66f6b69a252c15406f138d12
Tags
2024-09-27
dragonforce
lockbit3.0

Date

  • Created: Sept. 27, 2024, 1:43 p.m.
  • Published: Sept. 27, 2024, 1:43 p.m.
  • Modified: Sept. 27, 2024, 2:11 p.m.

Indicators

  • 185.59.221.75
  • 69.4.234.20
  • 2.147.68.96
  • 94.232.46.202
  • 185.73.125.8
Download all indicators here!

Attack Patterns

  • Conti
  • Lockbit
  • DragonForce

Additional Informations

  • Healthcare
  • Transportation
  • Manufacturing