TZUTC: -0500
MSGID: 1071.consprcy@1:2320/105 2c761f9e
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
DragonForce ransomware group evolves new cartel business model

Date:
Mon, 28 Apr 2025 17:16:00 +0000

Description:
Attackers are now able to buy their ransomware and rebrand it, avoiding all
the infrastructure logistics that go with it.

FULL STORY

Inspired by drug gangs, ransomware group DragonForce is bringing a new
business model to the ransomware scene, and it involves cooperating with 
other ransomware gangs. 

DragonForce has now been observed offering a white-label affiliate model,
allowing others to use their infrastructure and malware while branding 
attacks under their own name. 

With this model, affiliates won't need to manage the infrastructure and
DragonForce will take care of negotitation sites, malware develpoment and 
data leak sites.

DragonForce evolves the ransomware scene with a new business model

"Advertised features include administration and client panels, encryption and
ransom negotiation tools, a file storage system, a Tor-based leak site and
.onion domain, and support services," cybersecurity researchers from
Secureworks explained. 

Secureworks explained that, in a March 2025 underground post, DragonForce
rebranded itself as a "cartel," announcing a shift to a distributed model.
DragonForce first appeared in August 2023. 

Anubis, a much newer ransomware group that's been operating since December
2024, has also launched its own affiliate scheme, including a traditional
ransomware-as-a-service product that nets affiliates 80% of their ransoms. 

Much like artificial intelligence has already democratized access to coding,
these models are further extending access to ransomware, meaning that less
technical threat actors can target victims. The flexibility and reduced
operational burdens are also key selling points. 

The exact number of affiliates using these schemes is virtually untraceable,
however Bleeping Computer has reported that RansomBay has already joined
DragonForce's scheme. 

"Cybercriminals are motivated by financial gain, so they are adopting
innovative models and aggressive pressure tactics to shift the trend in their
favor," Secureworks added. 

The usual principles apply when it comes to protecting yourself from any type
of ransomware  regularly patching internet-facing devices, implementing
phishing-resistant multi-factor authentication (MFA), maintaining robust
backups and monitoring networks for malicious activity are all important 
steps to take.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/dragonforce-ransomware-group-evolves-ne
w-cartel-business-model

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426