How is this going?
A relatively new ransomware called DragonForce is making headlines after a series of high-profile attacks.
Like many other ransomware groups, DragonForce attempts to extort money from victims in two ways: by locking down company computers and data through encryption, and by threatening to release the data to others via the dark web, thus extracting money from infected systems. to steal data.
So far, everything is working fine. How does DragonForce stand out?
DragonForce’s earliest known ransomware attack was against an Ohio lottery company. In that case, DragonForce claimed it stole more than 600 gigabytes of data, including 3 million records containing names, email addresses, Social Security numbers and other sensitive information.
Other alleged victims include Australia’s Yakult (95.19 GB of corporate data leaked) and Singapore’s Coca-Cola (413.92 GB).
Didn’t they also attack an island recently?
You will definitely think of Palau Island in the Western Pacific.
In mid-March 2024, the Palau government suffered a ransomware attack, causing computers to be locked.Strangely, the ransom note comes from two Hacker groups were left behind – one from LockBit and one from DragonForce.
as Record the future According to the report, the ransom note provided different instructions to the government on how to communicate with the attackers, but the provided Tor link did not work.
DragonForce ransomware group threatened to publish information stolen from the island’s government on its dark web leak site, saying negotiations had broken down. However, Palau authorities deny any connection with cybercriminals.
This is very strange. What else should I know about DragonForce?
Well, in another strange twist, the DragonForce ransomware gang recently reportedly posted messages of discussions with victims on its leak website.
Sound?
Yes.as TechCrunch A phone conversation reportedly between a member of the gang and a confused front desk employee was posted on the gang’s website in an apparent attempt to force a company to pay a ransom.
It sounds a bit desperate if DragonForce has to call the victim to initiate negotiations…
Indeed. But that doesn’t mean they can’t still cause a lot of damage and damage if you’re unfortunate enough to be attacked by the group’s ransomware.
So, who is behind the DragonForce ransomware?
Although it is unclear who is responsible for the DragonForce ransomware attack, some in the cybersecurity community have linked the ransomware to a Malaysian hacker group and forum called DragonForce Malaysia.
Of course, similar names shouldn’t be taken as evidence of a connection, and it’s likely that DragonForce’s name was deliberately chosen by the ransomware gang to mislead investigators, or as a prank. Or maybe it’s just a coincidence…
While there are some strange aspects to DragonForce, it still sounds like a threat I should take seriously.
My advice is to take any ransomware group seriously. If your organization falls victim, the consequences can be very expensive.
What should we do to protect our businesses from ransomware?
Your organization should follow secure computing practices to protect against DragonForce and other ransomware attacks. These include:
- Make secure off-site backups.
- Run the latest security solutions and make sure your computer is protected against vulnerabilities with the latest security patches.
- Limit attackers’ ability to spread laterally through your organization through network segmentation.
- Protect sensitive data and accounts with unique, hard-to-crack passwords and enable multi-factor authentication.
- Encrypt sensitive information whenever possible.
- Reduce your attack surface by disabling features your company doesn’t need.
- Educate and inform employees about the risks and methods used by cybercriminals to launch attacks and steal data.
be safe.
Editor’s note: The opinions expressed in this guest author article are those of the contributor and do not necessarily reflect the views of Tripwire.
