What is going on on?
A comparatively new pressure of ransomware referred to as DragonForce has making the headlines after a collection of high-profile assaults.
Like many different ransomware teams, DragonForce makes an attempt to extort cash from its victims in two methods – locking corporations out of their computer systems and information by encryption, and exfiltrating information from compromised programs with the specter of releasing it to others by way of the darkish internet.
To date, so regular. How did DragonForce come to prominence?
DragonForce’s earliest identified ransomware assault was towards the Ohio Lottery. In that case, DragonForce boasted it had stolen over 600 GB of information – together with three million information containing names, e mail addresses, social safety numbers, and different delicate info.
Different claimed victims have included Yakult Australia (95.19 GB of firm information breached), and Coca-Cola in Singapore (413.92 GB.)
Did not additionally they hit some island lately?
You should be considering of the island of Palau within the Western Pacific.
In mid-March 2024, the federal government of Palau was hit by a ransomware assault that locked up computer systems. Bizarrely, ransom notes from two hacking gangs have been left behind – one from LockBit and one from DragonForce.
As Recorded Future reports, the ransom notes gave the federal government differing directions on the best way to talk with the attackers, however the Tor hyperlinks offered didn’t work.
On its darkish internet leak website, the DragonForce ransomware gang threatened to launch info stolen from the island’s authorities, stating that negotiations had damaged down. Palauan authorities, nonetheless, denied having made any contact with the cybercriminals.
That is peculiar. What else ought to I find out about DragonForce?
Properly, in one other weird twist, the DragonForce ransomware gang has lately been reported as publishing audio of its discussions with victims on its leaks website.
Audio?
Sure. As TechCrunch reports, a phone dialog between a member of the gang and considerably baffled entrance desk staff was posted on the group’s web site in an obvious try to stress an organization into paying a ransom.
DragonForce sounds a bit determined if it has to cellphone its victims to provoke negotiations…
It does quite. However that does not imply that they can not nonetheless trigger plenty of hurt and disruption if you’re unfortunate sufficient to be hit by the group’s ransomware.
So, who’s behind the DragonForce ransomware?
Though it’s unsure who’s answerable for the DragonForce ransomware assaults, some within the cybersecurity neighborhood have linked the ransomware to the Malaysian hacking group and discussion board referred to as DragonForce Malaysia.
The same names shouldn’t, in fact, be thought-about proof of a connection – and it is at all times potential that the title of DragonForce has been chosen deliberately by the ransomware gang to guide investigators off the scent, or as a chunk of mischief-making. Or perhaps it is merely coincidence…
Though there are some weird facets to DragonForce, it nonetheless feels like I ought to take the risk critically.
My suggestion can be to take any ransomware group critically. In case your organisation falls sufferer then the implications might be very pricey.
What ought to we do to guard our enterprise from ransomware?
Your organisation ought to comply with protected computing practices to defend towards DragonForce and different ransomware assaults. These embody:
- making safe offsite backups.
- operating up-to-date safety options and guaranteeing that your computer systems are protected with the most recent safety patches towards vulnerabilities.
- Prohibit an attacker’s means to unfold laterally by your organisation by way of community segmentation.
- utilizing hard-to-crack distinctive passwords to guard delicate information and accounts, in addition to enabling multi-factor authentication.
- encrypting delicate information wherever potential.
- decreasing the assault floor by disabling performance that your organization doesn’t want.
- educating and informing employees concerning the dangers and strategies utilized by cybercriminals to launch assaults and steal information.
Keep protected.
Editor’s Observe: The opinions expressed on this visitor writer article are solely these of the contributor and don’t essentially replicate these of Tripwire.
