The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions
ID: eb2a3aa1-7373-5ab5-bbe7-36e36640058f
STIX ID: report--eb2a3aa1-7373-5ab5-bbe7-36e36640058f
Feed Name: LevelBlue SpiderLabs Blog
This Cybereason threat intelligence report details DragonForce, a rapidly evolving ransomware-as-a-service cartel that conducts dual-extortion attacks across Windows, Linux, ESXi, BSD, and NAS. It documents the group's RaaS features (multi-brand support, automated affiliate registration, configurable encryption modes), professionalized extortion services (data audits), observed TTPs (SMB scanning, WMIC shadow copy deletion, lateral movement), technical IOCs (file hash, mutex, hosting IPs), and victimology (manufacturing, construction, business services), and provides detection and mitigation guidance.
