DragonForce Cartel: Conti-Derived Ransomware Group Targets Financial Sector

DragonForce Cartel, a ransomware group derived from the notorious Conti ransomware operation, has been actively targeting the financial sector. This group continues the legacy of Conti by employing sophisticated ransomware tactics to infiltrate and compromise financial institutions. The DragonForce Cartel uses advanced malware variants and exploits vulnerabilities to execute ransomware attacks, demanding hefty ransoms from victims. Their operations highlight the persistent threat ransomware groups pose to critical sectors such as finance, emphasizing the need for robust cybersecurity measures and threat intelligence sharing. Organizations are urged to enhance their defenses, conduct regular vulnerability assessments, and implement comprehensive incident response plans to mitigate the risks posed by such advanced threat actors. The emergence of DragonForce Cartel underscores the evolving ransomware landscape and the importance of staying vigilant against these sophisticated cyber threats.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 04 Nov 2025 13:45:03 +0000

Cyber News related to DragonForce Cartel: Conti-Derived Ransomware Group Targets Financial Sector

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
8 months ago Cybersecuritynews.com

DragonForce Cartel: Conti-Derived Ransomware Group Targets Financial Sector - DragonForce Cartel, a ransomware group derived from the notorious Conti ransomware operation, has been actively targeting the financial sector. This group continues the legacy of Conti by employing sophisticated ransomware tactics to infiltrate and ...
1 week ago Infosecurity-magazine.com DragonForce Cartel Conti

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
7 months ago Cybersecuritynews.com

Researchers link 3AM ransomware to Conti, Royal cybercrime gangs - Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. The 3AM ransomware gang's activity was first ...
1 year ago Bleepingcomputer.com Blacksuit LockBit Threeam

Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 year ago Securelist.com

DragonForce Cartel Emerges from the Leaked Source Code - The DragonForce Cartel, a newly identified cybercrime group, has surfaced following the leak of their source code. This development marks a significant moment in the cybersecurity landscape, as the leaked code provides unprecedented insight into the ...
1 week ago Cybersecuritynews.com DragonForce Cartel

More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
1 year ago Therecord.media FIN7 Black Basta

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit

How To Use YARA Rules To Identify Financial Sector Targeted Attacks - By analyzing multiple samples from the same malware family, security teams can create YARA rules that identify various iterations of the threat, even as attackers attempt to modify their code to evade detection. By scanning network traffic for ...
6 months ago Cybersecuritynews.com Hunters

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta

DragonForce - The Rise of a Hybrid Cyber Threat in The Ransomware Landscape of 2025 - This opportunistic expansion coincides with a historic surge in global ransomware activity, with Check Point’s State of Ransomware Q1 2025 report documenting 2,289 publicly named ransomware victims in just the first quarter – representing ...
6 months ago Cybersecuritynews.com Dragonforce Ransomhub

DragonForce Ransomware Gang Prompts Ohio Lottery to Shut Down - On 25 December 2023, the Ohio Lottery faced a major cyberattack, as a result, they had to shut down some crucial systems related to the undisclosed internal application. The threat actors behind the breach are the DragonForce ransomware group. While ...
1 year ago Cysecurity.news Dragonforce

The Top 5 Ransomware Takedowns - Learn about the recent achievements in the fight against ransomware as law enforcement agencies and cybersecurity organizations successfully disrupt operations, seize infrastructure, and safeguard victims from further attacks. Trigona ransomware, a ...
1 year ago Securityboulevard.com Trigona Ragnar Locker

CVE-2022-50280 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

Black Basta ransomware Received Over $100 million from Victims - Black Basta, the fourth-most active ransomware strain with more than 329 victims, has reportedly made over $100 million in ransom payments. This ransomware has also been discovered to resemble the Conti ransomware group, which stopped its operations ...
1 year ago Cybersecuritynews.com Black Basta

Ransomware Groups Allegedly Breach IT Networks, Stealing Data from UK Retailers - A notorious ransomware group dubbed DragonForce has claimed responsibility for a series of cyber attacks targeting major UK retailers, with Co-op now confirming a significant data breach affecting its membership database. In response to these ...
6 months ago Cybersecuritynews.com Dragonforce

The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus

New DEVMAN Ransomware From DragonForce Attacking Windows 10 and 11 Users - A sophisticated new ransomware variant identified as DEVMAN has emerged from the DragonForce ransomware-as-a-service ecosystem, targeting both Windows 10 and Windows 11 systems with notable behavioral differences between operating system versions. ...
4 months ago Cybersecuritynews.com Dragonforce

M&S confirms social engineering led to massive ransomware attack - As first reported by BleepingComputer, the attack on M&S was conducted by threat actors linked to Scattered Spider, who deployed the DragonForce ransomware on the network. Tata provides help desk support for M&S and is believed to have ...
4 months ago Bleepingcomputer.com Scattered Spider Dragonforce

DragonForce Ransomware Empowers Affiliates with Modular Toolkit to Create Custom Ransomware Payloads - Cyber Security News - Additionally, the system includes stealth-optimized encryption algorithms designed to bypass endpoint detection and response solutions, multilingual victim portals for global operations, and comprehensive affiliate support including technical ...
4 months ago Cybersecuritynews.com Dragonforce LockBit

NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
1 year ago Techtarget.com Rocke 8base LockBit BianLian Medusa

RansomHub Ransomware-as-a-service Facing Internal Conflict as Affiliates Lost Access to Chat Portals - Unlike many competitors, RansomHub implemented a business model that directed ransom payments either directly to affiliates or split them at the point of transaction, significantly reducing the risk of “exit-scamming” – a common problem ...
7 months ago Cybersecuritynews.com Dragonforce Black Basta Ransomhub

Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa

Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com