The DragonForce Ransomware Connection To LockBit Black
Researchers have identified a connection between DragonForce ransomware and LockBit Black ransomware. The DragonForce ransomware binary appears to be based on LockBit Black suggesting that the threat actors behind DragonForce used a leaked builder of LockBit Black ransomware to generate their binary. This connection was discovered after a user shared the download link for the LockBit ransomware builder on Twitter in September 2022. DragonForce ransomware which surfaced in November 2023 uses double extortion tactics exfiltrating data before encryption and then leaking the data if ransom demands are not met. The ransomware operations began with the public disclosure of victim details on a cybercrime forum and their leak site with over 25 victims worldwide disclosed to date. The discovery of DragonForce ransomware and its links to the leaked builder of LockBit Black ransomware highlights the growing threat posed by the abuse of leaked malware-building tools in cyberattacks.