Carder.life

DragonForce expands ransomware model with white-label branding scheme

WWW 05-26-2025 12:05 PM

<div id="post_message_788194">

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure.<br/>
<br/>
DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort.<br/>
<br/>
A group's representative told BleepingComputer that they’re purely financially motivated but also follow a moral compass and are against attacking certain healthcare organizations.<br/>
<br/>
Typically, a RaaS operation has its own affiliates or partners, and the ransomware developer provides the file-encrypting malware and the infrastructure.<br/>
<br/>
Affiliates would build a variant of the encrypting package, breach victim networks, and deploy the ransomware. They would also manage the decryption keys and usually negotiate with the victim for a ransom payment.<br/>
<br/>
The developer also maintains a so-called data leak site (DLS) where they publish information stolen from victims who did not pay the attacker.<br/>
<br/>
In exchange for using their malware and infrastructure, the developer charges affiliates a fee from received ransoms that is normally up to 30%.<br/>
<br/>
<b><font size="4">The DragonForce ransomware business</font></b><br/>
<br/>
DragonForce now calls itself a “ransomware cartel” and takes 20% of the paid ransoms.<br/>
<br/>
Under its model, affiliates get access to the infrastructure (negotiation tools, storage for stolen data, malware administration), and use the DragonForce encryptor under their own branding.<br/>
<br/>
The group announced the “new direction” in March, saying that affiliates can create their “own brand under the auspices of an already proven partner.”<br/>
<br/>
As the post below says, DragonForce aims to manage “unlimited brands” that can target ESXi, NAS, BSD, and Windows systems.<br/>
<br/>
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1100723/DragonForce_new-model.png"/><br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">

DragonForce announcing SaaS-like RaaS model

</td>
</tr>
</table>
</div>DragonForce told BleepingComputer that their structure is that of a marketplace, where affiliates can choose to deploy attacks under the DragonForce brand or a different one.<br/>
<br/>
Basically, groups of threat actors can use the service and white label under their own name so it appears they are their own brand.<br/>
<br/>
In return, they don’t have to deal with the headache of running data leak and negotiation sites, developing malware, or handling negotiations.<br/>
<br/>
There are rules to abide by, though, and affiliates will be kicked out at the first misstep. “We are honest partners who respect the rules,” the DragonForce representative told us.<br/>
<br/>
“They have to follow the rules, and we can control that because everything we run is on our servers, otherwise it wouldn't make sense,” DragonForce says.<br/>
<br/>
Those rules, however, are available only to threat actors embracing the newly proposed ransomware business model.<br/>
<br/>
When asked if hospitals or healthcare organizations are off limits, DragonForce said that it all depends on the type of hospital, and showed what could be described as empathy.<br/>
<br/>
“We don't attack cancer patients or anything heart related, we'd rather send them money and help them. We're here for business and money, I didn't come here to kill people, and neither did my partners,” the threat actor told BleepingComputer.<br/>
<br/>
Researchers at cybersecurity company Secureworks say that DragonForce’s model may appeal to a wider range of affiliates and attract less technical threat actors.<br/>
<br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">
<font size="3">“Even sophisticated threat actors may appreciate the flexibility that allows them to deploy their own malware without creating and maintaining their own infrastructure” - <a href="https://www.secureworks.com/blog/ransomware-groups-evolve-affiliate-models" target="_blank">Secureworks</a></font>
</td>
</tr>
</table>
</div>By increasing the affiliate base, DragonForce could look at larger profits driven by the flexibility of its proposed model.<br/>
<br/>
It is unclear how many ransomware affiliates have contacted the DragonForce cartel about the new service model, but the threat actor said that the member list includes well-known gangs.<br/>
<br/>
"I can't tell you the exact number, but we have players who come to us that you often write about and want to cooperate with us," DragonForce told BleepingComputer.<br/>
<br/>
One new ransomware gang called RansomBay has already subscribed to DragonForce's model.<br/>
<br/>
<a href="https://www.bleepingcomputer.com/news/security/dragonforce-expands-ransomware-model-with-white-label-branding-scheme/" target="_blank">@ BleepingComputer </a>
</div>

