The Godfather of Ransomware? Inside Cartel Ambitions

Feb. 4, 2026, 9:20 p.m.

Description

DragonForce, a ransomware group that emerged in late 2023, has become a significant cyber threat. They employ a dual-extortion strategy, encrypting and exfiltrating data, and have targeted various sectors, particularly manufacturing and construction. The group offers a flexible ransomware-as-a-service platform with advanced features, supporting multiple platforms and encryption modes. DragonForce has announced a shift to a cartel model, allowing affiliates to create their own brands. They've also introduced automated registration for new affiliates and a 'Company Data Audit' service to enhance extortion campaigns. The group has engaged in conflicts with rival ransomware operations and claims to have formed a coalition with other major groups. While their connection to DragonForce Malaysia remains unsubstantiated, technical analysis reveals similarities with other ransomware families and sophisticated attack techniques.

External References

https://otx.alienvault.com/pulse/698329eec78e99f19718ca7c
https://www.levelblue.com/blogs/spiderlabs-blog/the-godfather-of-ransomware-inside-dragonforces-cartel-ambitions
Tags
ransomware
encryption
cybercrime
cross-platform
raas
dragonforce
cartel
dual-extortion
2026-02-04
data-audit

Date

  • Created: Feb. 4, 2026, 11:13 a.m.
  • Published: Feb. 4, 2026, 11:13 a.m.
  • Modified: Feb. 4, 2026, 9:20 p.m.

Indicators

  • c5554ab2ea04e9d938a47b09ea34ebedb46c223a500aa70f08f4b2dc6864bd90
  • 46.29.238.160
  • 87.121.47.15
  • 91.108.244.85
  • 46.29.238.123
  • 95.164.53.64
  • 193.233.175.213
Download all indicators here!

Attack Patterns

  • DragonForce
  • DragonForce

Additional Informations

  • Manufacturing
  • Technology
  • Construction
  • Australia
  • Germany
  • Italy