SentinelOne
DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists

  • The DragonForce ransomware group has been targeting UK retailers, causing major disruptions to businesses like Harrods and Marks and Spencer.
  • The group has targeted various entities worldwide and operates a multi-extortion model, threatening victims with data leaks and reputational damage.
  • Initial access is gained through phishing, vulnerabilities, or stolen credentials, and operators use tools like Cobalt Strike and remote management tools.
  • DragonForce operators have exploited vulnerabilities like Apache Log4j2 Remote Code Execution and Ivanti Connect Secure Authentication Bypass.
  • Ransomware payloads evolved from LockBit to a bespoke version based on the Conti v3 codebase, offering customization for affiliates.
  • Affiliates can customize DragonForce ransomware, manage multiple variants for different platforms, and utilize a range of encryption modes.
  • DragonForce introduced a 'white-label' branding service, allowing affiliates to disguise the ransomware and share ransom payouts with the group.
  • The group's evolution towards a 'Ransomware Cartel' model signifies a shift towards increasing profitability and expanding operations.
  • The SentinelOne Singularity Platform provides protection against DragonForce ransomware, detecting malicious behaviors and payloads.
  • Recent attacks emphasize the importance of strong cybersecurity practices and incident response procedures for businesses.
