Wednesday, September 18, 2024
HomeCyber AttackNew DragonForce Ransomware Emerged From The Leaked LOCKBIT Builder

New DragonForce Ransomware Emerged From The Leaked LOCKBIT Builder

Published on

Hackers exploit LOCKBIT Builder due to its versatility in creating customized ransomware payloads which enable them to tailor attacks to specific targets and evade detection by security measures.

DragonForce Ransomware emerged in November 2023, employing double extortion tactics – data theft followed by encryption, with victims’ data leaked if the ransom is unpaid. 

Though sharing the name with a Malaysian hacktivist group, the origins of the DragonForce Ransomware are unclear. 

- Advertisement - EHA

Cyble’s cybersecurity researchers’ analysis recently revealed that the DragonForce’s binary is based on the leaked LOCKBIT Black builder, allowing customization like encryption modes, filename obfuscation, process impersonation, file & folder exclusions, and ransom note templating.

DragonForce Leak Site (Source – Cyble)

DragonForce LOCKBIT Builder

Over 25 global victims have been disclosed so far, and the group leverages the leaked LOCKBIT infrastructure for operational efficiency while maintaining anonymity through the rebranded “DragonForce” identity.

After analyzing the code, it was found that DragonForce ransomware uses the leaked LOCKBIT builder, which shares many characteristics in terms of design and functionalities.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Upon execution, this virus stops many processes and services such as Oracle, Microsoft Office apps, antivirus software, and even backup solutions to speed up encryption. 

The encrypted files are given a random name followed by the ‘.AoVOpni2N’ extension. 

Encrypted Files (Source – Cyble)

The criminals also put a ransom note called ‘AoVOpni2N.README.txt’ into each encrypted folder. It contains instructions on how to pay for decryption.

Ransom Note (Source – Cyble)

What DragonForce does is take advantage of their knowledge about Lockbit, which they got from another leak, to make their attacks fast, but it is not easy to attribute them back through rebranding themselves.

The DragonForce ransomware shows how dangerous the situation becomes with leaked malware builders such as LOCKBIT Black. 

These types of programs allow threat actors to create personalized ransomware quickly and without much effort, making it harder for international companies to protect themselves against them. 

This data-stealing and encrypting method demonstrates that cyber attackers continuously evolve their strategies to impose maximum monetary harm through ransomware attacks, such as those performed by groups such as DragonForce, which utilizes the “double extortion” method, reads Cyble report.

This particular case serves as another reminder of why strong safeguards should always exist against the ever-changing threats posed by ransomware groups that take advantage when developers leak their tools into the public domain.

Recommendations

Here below we have mentioned all the recommendations:-

  • Verify links and email attachments before opening.
  • Regularly backup data and store it offline.
  • Enable automatic software updates on all devices.
  • Utilize reputable antivirus and security software.
  • Disconnect infected devices from the network.
  • Disconnect external storage devices if connected.
  • Monitor system logs for suspicious activity.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

The Chrome team has officially announced the release of Chrome 129, which is now...

VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its...

CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Key Russian Hacker Group Attacking Users With .NET Built Ransomware

The Russian ransomware group Key Group, active since early 2023, is targeting organizations globally,...

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Ransomware Attacks

Medusa, a relatively new ransomware group, has gained notoriety for its dual-pronged online presence....