Ransomware

Global DragonForce attacks involve custom Conti, LockBit ransomware

Share
Image of ransomware, computer language, circuit board pattern over data server room

(Adobe Stock)

More than 80 manufacturing, transportation, and real estate organizations around the world, most of which are in the U.S., have been targeted by the DragonForce ransomware-as-a-service operation with attacks involving enhanced iterations of the LockBit and Conti ransomware payloads during the last 12 months, according to The Record, a news site by cybersecurity firm Recorded Future.

Intrusions conducted by DragonForce, which has been suspected to be based in Malaysia, also involved the deployment of the SystemBC backdoor and the Mimikatz and Cobalt Strike tools to facilitate further compromise to advance its double extortion efforts, an analysis from Group-IB revealed. "This is unsurprising as modern ransomware operators are increasingly reusing and modifying builders from well known ransomware families that were leaked, to tailor to their needs," said Group-IB researchers. Such findings come after the ransomware gang was reported to have compromised the government of Palau, the Ohio Lottery, and Yakult Australia.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

ONNX phishing-as-a-service operation disrupted

Organizations in the financial services sector have been primarily targeted by the ONNX, whose Telegram-based operations had been cut off following a court order that allowed Microsoft to transfer the PhaaS platform's infrastructure to its servers, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada.

Ransomware attacks primarily caused by poor cyber hygiene

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.