DragonForce Ransomware Hits 120 Victims in One Year

DragonForce, a ransomware group that surfaced in late 2023, has claimed responsibility for over 120 cyberattacks globally, establishing itself as a major player in the cybercrime ecosystem. According to Bitdefender, the group has evolved beyond the traditional ransomware-as-a-service model into a cartel-like structure, offering affiliates up to 80% of ransom proceeds and centralized resources such as file servers, admin panels, and 24/7 monitoring.

The group has targeted organizations in industries including manufacturing, healthcare, technology, and retail, with victims located in the U.S., Italy and Australia. Ransom demands have ranged from hundreds of thousands to as high as $7 million.

DragonForce initially used LockBit-style ransomware before shifting to a Conti variant by mid-2024. It exploits vulnerabilities like CVE-2024-21412 and employs sophisticated encryption across multiple platforms. Its infrastructure and alleged geopolitical links, including Russian affiliations, have raised additional concerns within the cybersecurity community. DragonForce also reportedly seeks to absorb rival groups, including LockBit.