
DragonForce Cartel Surfaces from Leaked Conti v3 Ransomware Source Code


By Mayura Kathir

Acronis Threat Research Unit has analyzed recent activity linked to the DragonForce ransomware group and identified a new malware variant in the wild.

The latest sample uses vulnerable drivers such as truesight.sys and rentdrv2.sys to disable security software and terminate protected processes, and it corrects encryption flaws previously associated with Akira ransomware.

The updated encryption scheme addresses weaknesses publicly detailed in a Habr article cited on DragonForce’s leak site, demonstrating the group’s commitment to maintaining operational security and technical superiority.

Recently, DragonForce announced a rebrand, stating that the group would now operate as a ransomware cartel.

By offering affiliates 80 percent of profits, customizable encryptors and infrastructure, DragonForce lowers the barrier to entry and encourages more affiliates to join.

Since then, DragonForce has been more active in attacking companies globally, posting significantly more victims compared to a year ago. Their most notable attack targeted retailer ...


Copyright of this story solely belongs to gbhackers.