Global DragonForce attacks involve custom Conti, LockBit ransomware

More than 80 manufacturing, transportation, and real estate organizations around the world, most of which are in the U.S., have been targeted by the DragonForce ransomware-as-a-service operation with attacks involving enhanced iterations of the LockBit and Conti ransomware payloads during the last 12 months, according to The Record, a news site by cybersecurity firm Recorded Future.

Intrusions conducted by DragonForce, which has been suspected to be based in Malaysia, also involved the deployment of the SystemBC backdoor and the Mimikatz and Cobalt Strike tools to facilitate further compromise to advance its double extortion efforts, an analysis from Group-IB revealed. "This is unsurprising as modern ransomware operators are increasingly reusing and modifying builders from well known ransomware families that were leaked, to tailor to their needs," said Group-IB researchers. Such findings come after the ransomware gang was reported to have compromised the government of Palau, the Ohio Lottery, and Yakult Australia.