
Malaysian DragonForce Ransomware Makes a Statement


By Miklos Zoltan, 19 February 2024

Founder - Privacy Affairs

Fact-checked by Alex Popa

Newcomer DragonForce recently made a statement by attacking and infiltrating two US targets: Westward360 and Compression Leasing Services, each of which lost between 11 GB and 41 GB of confidential data.

  • Neither of the affected organizations has commented on the events
  • DragonForce posted the evidence of the breaches on their public network and gave the victims a deadline to complete the negotiations
  • Neither the value of the ransom nor the terms of negotiations are known
  • DragonForce is a novel entry in the ransomware industry, but one that’s already making waves

The organization is too young for investigative agencies to have a clear understanding of its systems, structures, tactics, or history. What is known is that the group first hit the public stage in December 2023 and has been extremely active since.

According to some of the victims, the organization relies on the double-extortion technique, which is widespread in the ransomware sphere. The attacker both encrypts the victim’s files and illicitly copies and downloads them.

X post showing the DragonForce attack on the two victims:
https://twitter.com/FalconFeedsio/status/1759469549152571431

The attacker then uses the stolen data to blackmail the victim into paying the ransom. If the victim does not pay, the data will be leaked publicly, which has the potential to ruin the victim’s reputation. Despite that, most still refuse to pay and prefer to deal with the fallout rather than feed cybercriminals.

Which is exactly what cybersecurity experts advise anyway.

What Do We Know About DragonForce?

In short: not much. DragonForce is one of the newest hackers on the block. The organization appeared suddenly and flew under the radar for a while, until the first operation took place. The earliest known hacking job was against the Ohio Lottery.

During that particular incident, DragonForce managed to steal upwards of 600 GB of data, which included around 3 million records with names, email addresses, Social Security numbers, etc. The Ohio Lottery didn’t confirm the leak, but did acknowledge the attack.

This particular incident showcased the group’s potential and resourcefulness, as it went after a high-value target and managed to inflict so much damage. It’s unclear whether the Ohio Lottery was asked to pay a ransom or the attackers simply kept the loot.

Since then, DragonForce has been involved in only a handful of attacks, but they have become increasingly damaging. These recent breaches fall into the same category, as they showcase the organization’s scary potential.

When it comes to DragonForce’s identity, history, and structure, the relevant investigative agencies have come up empty-handed so far. One theory that does circulate, though, is that DragonForce has been sharing systems and workforce with Lockbit.

Lockbit is currently the biggest, most well-funded, and most dangerous ransomware actor in the world, with close to 2,000 victims worldwide and nearly $100 million in revenue. The idea that DragonForce could be linked to Lockbit is worrying.

To say the least.

However, nothing has been confirmed so far. What is known is that, despite starting slow, DragonForce has accumulated over two dozen victims over the span of several months. And it doesn’t seem to be stopping anytime soon.
