DragonForce, a notorious ransomware group, has reportedly made a bold claim of taking over the infrastructure of RansomHub, a prominent ransomware group that has been at the forefront of cyber attacks in the past year. According to Cyble threat intelligence researchers, DragonForce made this announcement on the RAMP forum and later posted the same information on their onion-based data leak site (DLS). The group revealed that they are launching new infrastructure with two secure onion links, which utilize CAPTCHA for added security measures, all while displaying the RansomHub logo.
The exact nature of the relationship between DragonForce and RansomHub remains unclear. DragonForce’s post on RAMP seemed to suggest that RansomHub had decided to move to DragonForce’s infrastructure willingly, hinting at a potential partnership between the two groups. This move was presented as a new “project” by DragonForce, showcasing a new option from the DragonForce Ransomware Cartel. Additionally, DragonForce extended an offer to RansomHub through a postscript on their Tor-based Data Leak Site, inviting them to consider their proposal and join their ranks.
The announcement of this supposed takeover comes shortly after DragonForce’s expansion of its ransomware-as-a-service (RaaS) operation in March. The group introduced a franchise-like model that allows affiliates to launch their own ransomware brands under the DragonForce Ransomware Cartel, providing them with backend support and infrastructure while maintaining centralized control. Furthermore, technical upgrades were rolled out for DragonForce’s ransomware lockers across various systems, including ESXi, NAS, BSD, and Windows, signaling a more sophisticated and professionalized approach to their operations.
As speculation looms over the future of RansomHub and its relationship with DragonForce, it is worth noting the impressive run RansomHub had before the alleged takeover. The group had outperformed its competitors since February 2024, attributed to factors such as greater transparency, predictable payouts, and well-packaged attack playbooks for affiliates. The uncertainty surrounding the future of both groups leaves many questions unanswered, as industry experts and cybersecurity analysts closely monitor the evolving situation.
It remains to be seen how this unexpected turn of events will impact the ransomware landscape and the ongoing battle against cyber threats. As new information emerges, we will continue to provide updates on this developing story. Stay tuned for the latest developments in this high-stakes cyber saga.