Skip to main content

DragonForce expands ransomware model with white-label branding scheme


Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

April 26, 2025 By Ionut Ilascu

 

DragonForce forms ransomware cartel with multiple RaaS affiliates

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure.

DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort.

A group's representative told BleepingComputer that they’re purely financially motivated but also follow a moral compass and are against attacking certain healthcare organizations.

Typically, a RaaS operation has its own affiliates or partners, and the ransomware developer provides the file-encrypting malware and the infrastructure.

Affiliates would build a variant of the encrypting package, breach victim networks, and deploy the ransomware. They would also manage the decryption keys and usually negotiate with the victim for a ransom payment.

The developer also maintains a so-called data leak site (DLS) where they publish information stolen from victims who did not pay the attacker.

In exchange for using their malware and infrastructure, the developer charges affiliates a fee from received ransoms that is normally up to 30%.

 

>>Full Article<<

0 replies

Be the first to reply!

Reply