What is going on on?
A comparatively new pressure of ransomware referred to as DragonForce has making the headlines after a sequence of high-profile assaults.
Like many different ransomware teams, DragonForce makes an attempt to extort cash from its victims in two methods – locking corporations out of their computer systems and knowledge by means of encryption, and exfiltrating knowledge from compromised programs with the specter of releasing it to others through the darkish net.
To date, so regular. How did DragonForce come to prominence?
DragonForce’s earliest recognized ransomware assault was in opposition to the Ohio Lottery. In that case, DragonForce boasted it had stolen over 600 GB of information – together with three million data containing names, e-mail addresses, social safety numbers, and different delicate data.
Different claimed victims have included Yakult Australia (95.19 GB of firm knowledge breached), and Coca-Cola in Singapore (413.92 GB.)
Did not in addition they hit some island not too long ago?
You should be considering of the island of Palau within the Western Pacific.
In mid-March 2024, the federal government of Palau was hit by a ransomware assault that locked up computer systems. Bizarrely, ransom notes from two hacking gangs had been left behind – one from LockBit and one from DragonForce.
As Recorded Future reports, the ransom notes gave the federal government differing directions on how one can talk with the attackers, however the Tor hyperlinks supplied didn’t work.
On its darkish net leak website, the DragonForce ransomware gang threatened to launch data stolen from the island’s authorities, stating that negotiations had damaged down. Palauan authorities, nevertheless, denied having made any contact with the cybercriminals.
That is peculiar. What else ought to I learn about DragonForce?
Properly, in one other weird twist, the DragonForce ransomware gang has not too long ago been reported as publishing audio of its discussions with victims on its leaks website.
Audio?
Sure. As TechCrunch reports, a phone dialog between a member of the gang and considerably baffled entrance desk staff was posted on the group’s web site in an obvious try and stress an organization into paying a ransom.
DragonForce sounds slightly determined if it has to telephone its victims to provoke negotiations…
It does somewhat. However that does not imply that they can not nonetheless trigger a number of hurt and disruption in case you are unfortunate sufficient to be hit by the group’s ransomware.
So, who’s behind the DragonForce ransomware?
Though it’s unsure who’s chargeable for the DragonForce ransomware assaults, some within the cybersecurity neighborhood have linked the ransomware to the Malaysian hacking group and discussion board referred to as DragonForce Malaysia.
The same names mustn’t, in fact, be thought-about proof of a connection – and it is all the time potential that the title of DragonForce has been chosen deliberately by the ransomware gang to guide investigators off the scent, or as a chunk of mischief-making. Or perhaps it is merely coincidence…
Though there are some weird points to DragonForce, it nonetheless seems like I ought to take the menace significantly.
My suggestion can be to take any ransomware group significantly. In case your organisation falls sufferer then the results could possibly be very pricey.
What ought to we do to guard our enterprise from ransomware?
Your organisation ought to observe protected computing practices to defend in opposition to DragonForce and different ransomware assaults. These embrace:
- making safe offsite backups.
- operating up-to-date safety options and guaranteeing that your computer systems are protected with the newest safety patches in opposition to vulnerabilities.
- Prohibit an attacker’s means to unfold laterally by means of your organisation through community segmentation.
- utilizing hard-to-crack distinctive passwords to guard delicate knowledge and accounts, in addition to enabling multi-factor authentication.
- encrypting delicate knowledge wherever potential.
- lowering the assault floor by disabling performance that your organization doesn’t want.
- educating and informing workers concerning the dangers and strategies utilized by cybercriminals to launch assaults and steal knowledge.
Keep protected.
Editor’s Observe: The opinions expressed on this visitor creator article are solely these of the contributor and don’t essentially replicate these of Tripwire.
