DragonForce – The Rise of a Hybrid Cyber Threat in The Ransomware Landscape of 2025

May 7, 2025 - 20:42

In the rapidly evolving cybersecurity landscape of 2025, DragonForce has emerged as a formidable ransomware threat, redefining the hybrid extortion model.

First appearing in December 2023 with the launch of its “DragonLeaks” dark web portal, DragonForce has quickly established itself as more than just another ransomware group.

What distinguishes this threat actor is its evolution from possible hacktivist roots into a fully commercialized criminal enterprise that combines ideological flexibility with technological agility.

The group has developed a business model specifically tailored to attract displaced or freelance affiliates, offering a competitive 20% revenue share – lower than most ransomware-as-a-service (RaaS) operations.

Their infrastructure includes white-label ransomware kits allowing affiliates to create unique ransomware brands, compile custom binaries, and personalize ransom notes and file extensions.

This approach effectively lowers the barrier to entry for cybercriminals seeking to establish their own operations.

Check Point researchers have identified DragonForce’s strategic pivot following the April 2025 disappearance of RansomHub, when the group moved swiftly to absorb displaced affiliates by marketing itself as an agile alternative to collapsed legacy operators.

This opportunistic expansion coincides with a historic surge in global ransomware activity, with Check Point’s State of Ransomware Q1 2025 report documenting 2,289 publicly named ransomware victims in just the first quarter – representing a staggering 126% year-over-year increase.

Most recently, DragonForce launched a coordinated campaign targeting high-profile UK retailers throughout April and May 2025.

These sophisticated attacks triggered multi-day outages across e-commerce platforms, loyalty programs, and internal operations.

The campaign may signal a broader strategic shift away from purely ransom-focused income toward harvesting high-volume PII for secondary monetization in underground markets.

DragonForce’s technical infrastructure represents a significant evolution in ransomware deployment methodology.

Their platform leverages a modular architecture that separates payload delivery, encryption, and data exfiltration components:

# Simplified pseudocode showing DragonForce's modular execution flow
def main():
    # Stage 1: Initial Access & Reconnaissance
    if check_security_solutions() and not detect_sandbox():
        # Stage 2: Lateral Movement
        domain_credentials = harvest_credentials()
        target_systems = identify_critical_assets()

        # Stage 3: Data Exfiltration
        for system in target_systems:
            stolen_data = exfiltrate_sensitive_data(system)
            upload_to_dragonleaks(stolen_data)

        # Stage 4: Encryption & Ransom
        deploy_customized_ransomware(affiliate_id)

This architecture exemplifies how DragonForce isn’t merely a ransomware operation but a comprehensive criminal platform that combines marketing strategy, business model, and technical ecosystem.

As Check Point analysts note, its success lies not in technical sophistication alone, but in creating an accessible framework for cybercrime that offers affiliates anonymity, flexibility, and profit in a landscape where trust in traditional RaaS brands continues to erode.
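A defender-side view of the staged flow above, added here as an example (not code from the article or from Check Point): because affiliates can choose their own file extensions, it ignores known-extension lists and flags a host when a large outbound transfer is followed by a burst of renames converging on one previously unseen extension. The event tuple layout, the thresholds and the sample telemetry are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed thresholds; tune them against your own baseline telemetry.
EXFIL_BYTES = 1_000_000_000   # single outbound transfer treated as suspicious
RENAME_BURST = 20             # renames to one extension within BURST_SECS
BURST_SECS = 120
FOLLOW_SECS = 6 * 3600        # how long after egress an encryption burst still counts

def rename_bursts(renames):
    """Return (start_time, ext) for bursts of renames to one unseen extension."""
    seen_before = {PurePosixPath(old).suffix for _, old, _ in renames}
    by_ext = defaultdict(list)
    for ts, _old, new in renames:
        ext = PurePosixPath(new).suffix
        if ext and ext not in seen_before:   # extension no original file carried
            by_ext[ext].append(ts)
    bursts = []
    for ext, times in by_ext.items():
        times.sort()
        for i in range(len(times) - RENAME_BURST + 1):
            if times[i + RENAME_BURST - 1] - times[i] <= BURST_SECS:
                bursts.append((times[i], ext))
                break
    return bursts

def detect(events):
    """events: (epoch_secs, host, kind, detail) tuples; hypothetical layout."""
    egress, renames = defaultdict(list), defaultdict(list)
    for ts, host, kind, detail in events:
        if kind == "net_out" and detail >= EXFIL_BYTES:
            egress[host].append(ts)
        elif kind == "rename":
            renames[host].append((ts, *detail))
    verdicts = {}
    for host, rows in renames.items():
        for start, ext in rename_bursts(rows):
            staged = any(0 <= start - t <= FOLLOW_SECS for t in egress[host])
            verdicts[host] = ("exfil_then_encrypt" if staged else "encrypt_burst", ext)
    return verdicts

def _burst(host, t0, ext, n=25):
    return [(t0 + i, host, "rename", (f"/srv/doc{i}.xlsx", f"/srv/doc{i}.xlsx{ext}"))
            for i in range(n)]

# Constructed sample telemetry, not taken from any real incident.
SAMPLE = ([(1000, "fs01", "net_out", 4_200_000_000), (1000, "ws07", "net_out", 3_000_000)]
          + _burst("fs01", 5000, ".k3x9") + _burst("db02", 3000, ".zq1")
          + _burst("ws07", 2000, ".bak", n=5))  # small batch rename, below burst size
```

On the sample, fs01 is reported as exfiltration followed by encryption, db02 as an encryption burst with no preceding large egress, and ws07 is not flagged.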


The post DragonForce – The Rise of a Hybrid Cyber Threat in The Ransomware Landscape of 2025 appeared first on Cyber Security News.