- Dragonforce sells its ransomware as a service that can be overturned
- The group will handle malware development, leaks and more
- Raas democratizing malware – as if AI had not done enough damage
Inspired by Drug Gangs, Ransomware Group Dragonforce brings a new business model for the Ransomware scene, and it involves collaboration with other ransomware gangs.
Dragonforce has now been observed, offering a white -labeled associated model that allows others to use their infrastructure and malware while the branding attacks under their own name.
With this model, associated companies do not have to manage the infrastructure and Dragonforce will take care of negotiating places, malware development and data leaks.
Dragonforce develops the Ransomware -Scen with a new business model
“Announced features include administrative and client panels, encryption and Ransom-negotiation tools, a file storage system, a Tor-based leakage place and .onion domain and support services,” explained cybersecurity scientists from SecureWorks.
Secureworks explained that the Dragonforce of underground post in a March 2025 redirected himself as a “cartel” that advertised a shift to a distributed model. Dragonforce first appeared in August 2023.
Anubis, a much newer Ransomware group that has been in operation since December 2024, has also launched its own associated scheme, including a traditional Ransomware-as-A-Service product that Nets associated 80% of their ransom.
Like artificial intelligence has already democratized access to coding, these models are expanding further access to ransomware, which means that smaller technical threat players can target victims. The flexibility and reduced operational burdens are also key sales sites.
However, the exact number of affiliated companies using these schemes is practically not traceable Bleeping computer Has reported that Ransombay has already joined the Dragonforce’s scheme.
“Cyber criminals are motivated by financial gain, so they adopt innovative models and aggressive pressure stactics to move the trend to their advantage,” SecureWorks added.
The usual principles apply when it comes to protecting yourself from any kind of ransomware-rule-role-lapping internet-facing devices, implementing phishing-resistant multifactor authentication (MFA), maintaining robust backups and surveillance networks for malicious activity are all important steps to take.
