(I)IoT Security News

DragonForce Ransomware Expands RaaS, Targets Firms Worldwide


DragonForce ransomware is expanding its RaaS operation and becoming a global cybersecurity threat against businesses. Companies must implement strong cybersecurity strategies to defend against this growing ransomware attack and avoid becoming victims.

Ransomware attacks are growing, leaving organizations vulnerable to new and more sophisticated threats. According to Group-IB’s Hi-Tech Crime Trends 2023/2024 report, ransomware incidents could cause even greater damage in 2024.

One of the most significant emerging threats is the DragonForce ransomware group, which leverages a Ransomware-as-a-Service (RaaS) affiliate program, employing variants of well-known ransomware families to wreak havoc on targeted industries.

DragonForce: A Dual-Ransomware Threat

The DragonForce ransomware group emerged in August 2023, deploying a variant based on LockBit 3.0, a notorious ransomware strain. However, by July 2024, the group introduced a second variant, initially claimed to be their original creation but later found to be a fork of ContiV3 ransomware. These dual ransomware versions are used to exploit vulnerabilities in companies, particularly in sectors like manufacturing, real estate, and transportation.

DragonForce’s attack strategy revolves around double extortion—encrypting data and threatening to leak it unless a ransom is paid. This adds immense pressure on victims to comply, fearing not only operational disruption but also the reputational damage that could arise from exposed sensitive information.

Advanced Tactics for Maximum Damage

According to Group-IB’s research shared with Hackread.com ahead of publication on Wednesday, the DragonForce ransomware gang’s operations are highly customizable, allowing affiliates to configure attacks based on the type of victim.

With its RaaS affiliate program, launched on June 26, 2024, DragonForce ransomware offers attackers the ability to personalize ransomware payloads. Affiliates can disable security features, set encryption parameters, and even customize ransom notes. In return, affiliates receive 80% of any ransom collected.

DragonForce employs a variety of advanced techniques for evasion and persistence. One of their key tactics is “Bring Your Own Vulnerable Driver” (BYOVD), where affiliates use vulnerable drivers to disable security processes and evade detection. Additionally, they clear Windows Event Logs after encryption to hinder forensic investigations.
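One way to hunt for the sequence described above, a newly installed kernel driver followed by event log clearing on the same host. This is an added example, not code from Group-IB's research or the original article. Event IDs 7045, 1102 and 104 are standard Windows event IDs; the field names, the two-hour window and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

KERNEL_DRIVER_INSTALL = 7045  # Service Control Manager: a service was installed
# 1102: Security audit log cleared; 104: another log cleared (recorded in System)
LOG_CLEARED = {1102: "security-audit-log", 104: "other-event-log"}

# Constructed sample events (not from the article). Field names assume a
# JSON-style export of the System and Security channels (hypothetical schema).
SAMPLE_EVENTS = [
    {"host": "ws01", "time": "2024-09-01T10:00:00", "event_id": 7045,
     "service_type": "kernel mode driver",
     "image_path": r"C:\Users\Public\example.sys"},
    {"host": "ws01", "time": "2024-09-01T10:42:00", "event_id": 1102},
    {"host": "ws01", "time": "2024-09-01T10:42:05", "event_id": 104},
    {"host": "srv02", "time": "2024-09-01T09:00:00", "event_id": 7045,
     "service_type": "user mode service",
     "image_path": r"C:\Program Files\App\svc.exe"},
    {"host": "srv03", "time": "2024-09-01T11:00:00", "event_id": 1102},
]

def triage(events, window=timedelta(hours=2)):
    """Return one finding per log-clear event, graded by recent driver installs."""
    drivers = {}   # host -> [(install time, image path)] for kernel drivers only
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if (e["event_id"] == KERNEL_DRIVER_INSTALL
                and e.get("service_type", "").lower() == "kernel mode driver"):
            drivers.setdefault(e["host"], []).append((t, e.get("image_path", "?")))
        elif e["event_id"] in LOG_CLEARED:
            recent = [p for dt, p in drivers.get(e["host"], []) if t - dt <= window]
            findings.append({
                "host": e["host"],
                "log": LOG_CLEARED[e["event_id"]],
                "time": e["time"],
                # A clear on its own deserves review; a clear shortly after a
                # new kernel driver matches the sequence in the article.
                "severity": "high" if recent else "medium",
                "drivers": recent,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Run this over centrally forwarded events: once the System log is cleared on a host, its earlier 7045 records no longer exist locally.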

For lateral movement, the group uses tools like Cobalt Strike and SystemBC, both of which allow them to harvest credentials and persist in networks. They also use network scanning tools like SoftPerfect Network Scanner to map out networks, helping spread the ransomware to as many devices as possible.

Targeted Attacks and Global Reach

Between August 2023 and August 2024, DragonForce listed 82 victims on its dark web leak site. Most attacks were concentrated in the U.S. (52.4%), followed by the U.K. and Australia. The manufacturing sector suffered the highest number of attacks, with real estate and transportation industries close behind.

In addition to their use of ContiV3 and LockBit variants, DragonForce’s ability to adapt to new affiliate demands makes them a rapidly growing threat. By targeting high-revenue companies and critical sectors, they continue to increase their foothold in the cybercrime infrastructure.

What Can Businesses Do?

To combat these sophisticated attacks, businesses need to adopt more proactive and layered security measures. Here are some critical steps:

While DragonForce ransomware expands its RaaS operation, businesses must remain alert and implement proper cybersecurity strategies to avoid becoming victims of this and other dangerous threats.
