What’s going on?
A relatively new strain of ransomware called DragonForce has been making the headlines after a series of high-profile attacks.
Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways – locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web.
So far, so normal. How did DragonForce come to prominence?
DragonForce’s earliest known ransomware attack was against the Ohio Lottery. In that case, DragonForce boasted it had stolen over 600 GB of data – including three million records containing names, email addresses, social security numbers, and other sensitive information.
Other claimed victims have included Yakult Australia (95.19 GB of company data breached), and Coca-Cola in Singapore (413.92 GB).
Didn’t they also hit some island recently?
You must be thinking of the island of Palau in the Western Pacific.
In mid-March 2024, the government of Palau was hit by a ransomware attack that locked up computers. Bizarrely, ransom notes from two hacking gangs were left behind – one from LockBit and one from DragonForce.
As Recorded Future reports, the ransom notes gave the government differing instructions on how to communicate with the attackers, but the Tor links provided did not work.
On its dark web leak site, the DragonForce ransomware gang threatened to release information stolen from the island’s government, stating that negotiations had broken down. Palauan authorities, however, denied having made any contact with the cybercriminals.
That’s strange. What else should I know about DragonForce?
Well, in another bizarre twist, the DragonForce ransomware gang has recently been reported as publishing audio of its conversations with victims on its leak site.
Audio?
Yes. As TechCrunch reports, a telephone conversation between a member of the gang and somewhat baffled front desk staff was posted on the group’s website in an apparent attempt to pressure a company into paying a ransom.
DragonForce sounds a little desperate if it has to phone its victims to initiate negotiations…
It does rather. But that doesn’t mean that they can’t still cause a lot of harm and disruption if you are unlucky enough to be hit by the group’s ransomware.
So, who’s behind the DragonForce ransomware?
Although it is uncertain who is responsible for the DragonForce ransomware attacks, some in the cybersecurity community have linked the ransomware to the Malaysian hacking group and forum called DragonForce Malaysia.
The similar names should not, of course, be considered proof of a connection – and it’s always possible that the name of DragonForce has been chosen intentionally by the ransomware gang to lead investigators off the scent, or as a piece of mischief-making. Or maybe it’s simply coincidence…
Although there are some bizarre aspects to DragonForce, it still sounds like I should take the threat seriously.
My advice would be to take any ransomware group seriously. If your organisation falls victim then the consequences could be very costly.
What should we do to protect our business from ransomware?
Your organisation should follow safe computing practices to defend against DragonForce and other ransomware attacks. These include:
- making secure offsite backups.
- running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
- restricting an attacker’s ability to spread laterally through your organisation via network segmentation.
- using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
- encrypting sensitive data wherever possible.
- reducing the attack surface by disabling functionality that your company does not need.
- educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.
Stay safe.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.


