Ransomware Analysis Week of April 21, 2024

DragonForce's first successful ransomware operation was the Ohio lottery in 2023...

86 organizations (that we know of) fell victim to ransomware last week...

Of those, 12 were the work of DragonForce.

They're an interesting group considering that they're known to call victims directly to intimidate them into paying the ransom. They've also been known to publish recordings of these calls.

In an even more interesting twist, they were one of two groups to claim responsibility - and leave a ransom note - during the attack on the island nation of Palau in March of 2024.

During that attack, two ransom notes were left - one claiming to be LockBit and another claiming to be DragonForce. In both of these notes, the link to the Tor website to make payment did not work.

Palau also denies that any data was exfiltrated. Could the ransom notes have been a smoke screen for some other attack?

The timing of the incident lined up with an agreement between Palau and the United States related to military bases and funding. I'm sure some other nations in the area didn't take too kindly to this...

Needless to say, DragonForce is a group shrouded in mystery, and it was the busiest group last week.

More information: https://therecord.media/palau-denies-ransomware-gang-claims