What is going on on?
A comparatively new pressure of ransomware known as DragonForce has making the headlines after a sequence of high-profile assaults.
Like many different ransomware teams, DragonForce makes an attempt to extort cash from its victims in two methods – locking corporations out of their computer systems and knowledge via encryption, and exfiltrating knowledge from compromised programs with the specter of releasing it to others by way of the darkish net.
To date, so regular. How did DragonForce come to prominence?
DragonForce’s earliest identified ransomware assault was towards the Ohio Lottery. In that case, DragonForce boasted it had stolen over 600 GB of knowledge – together with three million data containing names, electronic mail addresses, social safety numbers, and different delicate info.
Different claimed victims have included Yakult Australia (95.19 GB of firm knowledge breached), and Coca-Cola in Singapore (413.92 GB.)
Did not in addition they hit some island just lately?
You should be pondering of the island of Palau within the Western Pacific.
In mid-March 2024, the federal government of Palau was hit by a ransomware assault that locked up computer systems. Bizarrely, ransom notes from two hacking gangs have been left behind – one from LockBit and one from DragonForce.
As Recorded Future stories, the ransom notes gave the federal government differing directions on easy methods to talk with the attackers, however the Tor hyperlinks offered didn’t work.
On its darkish net leak web site, the DragonForce ransomware gang threatened to launch info stolen from the island’s authorities, stating that negotiations had damaged down. Palauan authorities, nonetheless, denied having made any contact with the cybercriminals.
That is peculiar. What else ought to I find out about DragonForce?
Properly, in one other weird twist, the DragonForce ransomware gang has just lately been reported as publishing audio of its discussions with victims on its leaks web site.
Audio?
Sure. As TechCrunch stories, a phone dialog between a member of the gang and considerably baffled entrance desk staff was posted on the group’s web site in an obvious try and stress an organization into paying a ransom.
DragonForce sounds a bit of determined if it has to telephone its victims to provoke negotiations…
It does fairly. However that does not imply that they can not nonetheless trigger a variety of hurt and disruption if you’re unfortunate sufficient to be hit by the group’s ransomware.
So, who’s behind the DragonForce ransomware?
Though it’s unsure who’s accountable for the DragonForce ransomware assaults, some within the cybersecurity group have linked the ransomware to the Malaysian hacking group and discussion board known as DragonForce Malaysia.
The same names shouldn’t, in fact, be thought of proof of a connection – and it is at all times attainable that the identify of DragonForce has been chosen deliberately by the ransomware gang to steer investigators off the scent, or as a chunk of mischief-making. Or possibly it is merely coincidence…
Though there are some weird facets to DragonForce, it nonetheless appears like I ought to take the risk significantly.
My advice can be to take any ransomware group significantly. In case your organisation falls sufferer then the results might be very pricey.
What ought to we do to guard our enterprise from ransomware?
Your organisation ought to observe secure computing practices to defend towards DragonForce and different ransomware assaults. These embrace:
- making safe offsite backups.
- working up-to-date safety options and guaranteeing that your computer systems are protected with the most recent safety patches towards vulnerabilities.
- Limit an attacker’s potential to unfold laterally via your organisation by way of community segmentation.
- utilizing hard-to-crack distinctive passwords to guard delicate knowledge and accounts, in addition to enabling multi-factor authentication.
- encrypting delicate knowledge wherever attainable.
- lowering the assault floor by disabling performance that your organization doesn’t want.
- educating and informing employees in regards to the dangers and strategies utilized by cybercriminals to launch assaults and steal knowledge.
Keep secure.
Editor’s Be aware: The opinions expressed on this visitor creator article are solely these of the contributor and don’t essentially mirror these of Tripwire.
