- DragonForce sells its ransomware as a service that can be rebranded
- The group will manage malware development, leak sites and more
- RaaS democratizes malware – as if AI had not done enough damage
Inspired by drug gangs, the DragonForce ransomware group is bringing a new business model to the ransomware scene, one built on cooperating with other ransomware gangs.
DragonForce has now been observed offering a white-label affiliate model, allowing others to use its infrastructure and malware while branding attacks under their own name.
With this model, affiliates do not need to manage the infrastructure; DragonForce takes care of the negotiation sites, malware development and data leak sites.
DragonForce evolves the ransomware scene with a new business model
“The announced features include administration and customer panels, encryption and ransom negotiation tools, a file storage system, a Tor-based leak site and .onion domain, and support services,” said cybersecurity researchers at SecureWorks.
SecureWorks explained that, in an underground post in March 2025, DragonForce rebranded itself as a “cartel”, announcing a transition to a distributed model. DragonForce first appeared in August 2023.
Anubis, a much more recent ransomware group that has been operating since December 2024, has also launched its own affiliate scheme, including a traditional ransomware-as-a-service offering in which affiliates retain 80% of their ransoms.
Just as artificial intelligence has already democratized access to coding, these models further extend access to ransomware, which means that less technical threat actors can target victims. Flexibility and reduced operational overhead are also key selling points.
The exact number of affiliates using these schemes is practically impossible to determine; however, BleepingComputer reported that RansomBay has already joined the DragonForce scheme.
“Cybercriminals are motivated by financial gain, so they adopt innovative models and aggressive pressure tactics to change the trend in their favor,” added SecureWorks.
The usual principles apply when it comes to protecting yourself from any type of ransomware – regularly patching internet-facing devices, implementing phishing-resistant multi-factor authentication (MFA), maintaining robust backups and monitoring networks for malicious activity are all important steps to take.