DragonForce is a highly scalable ransomware cartel that blends traditional RaaS operations, decentralized affiliates, and integrated initial access brokers to run global double-extortion campaigns. Its platform-driven model, coalition activity with groups like Qilin and LockBit, and ties to Scattered Spider show how it has evolved into a multi-actor ecosystem built for fast access, broad recruitment, and layered monetization. #DragonForce #Qilin #LockBit #ScatteredSpider #RAMP
Keypoints
- DragonForce has operated as a ransomware-as-a-service group since August 2023.
- The group combines traditional RaaS with a cartel-style model and independent affiliate branding.
- Its Suppliers panel integrates initial access brokers for faster access acquisition.
- DragonForce targets Windows, ESXi, Linux, BSD, and NAS environments with configurable ransomware tools.
- The group uses double extortion, public leak-site pressure, and automated 80/20 ransom splitting.