DragonForce ransomware group announces its forming a hacking cartel

A major ransomware group is rebranding as a “cartel” and expanding its business model. It’s part of a relatively new development in the world of cybersecurity known as RaaS, or ransomware-as-a-service.

According to cybersecurity firm Secureworks, which obtained screenshots of the March 19 announcement from an underground forum, DragonForce is shifting to a distributed model, allowing other ransomware groups to use DragonForce infrastructure and tools under their own “brands.”

In short, affiliates will be able to white label DragonForce’s tools. You know those white label products sold by Costco under the Kirkland Signature brand that are actually manufactured by major brands? It’s kind of like that.

“This approach differentiates DragonForce from other RaaS offerings and may appeal to a range of affiliates,” wrote Secureworks. “For example, the established infrastructure and accessible tools expand opportunities to threat actors who have limited technical knowledge.”

If that sounds slightly terrifying, a representative for the ransomware group told Bleeping Computer that yes, they’re “purely financially motivated,” but they “also follow a moral compass and are against attacking certain healthcare organizations.”

Under this new model as a “ransomware cartel,” DragonForce will charge 20 percent of the ransoms, Bleeding Computer reports. Affiliates are offered services like a “management system for their own operations,” file storage, 24/7 server monitoring by DragonForce, and “battle software” that can crack systems like ESXi, NAS, BSD, and Windows. So, ransomware groups that use DragonForce’s tools won’t have to deal with the hassle of building and managing their own infrastructure and tools.

By offering ransomware tools to groups or individuals without technical expertise, DragonForce will theoretically be able to grow its customer base.