DragonForce Ransomware

Facing a Ransomware Attack or Security Breach?

When you're under threat, every second counts. If your systems have been compromised or you need urgent assistance, get in touch with us straight away.

DragonForce was first identified in November 2023, and its origins have yet to be confirmed. Although it is a relatively new player, the group is already considered one of the top 20 ransomware organisations operating worldwide. 

You can identify a DragonForce ransomware attack when a message appears, informing you that your systems are locked and your data has been encrypted. The attackers will then demand payment, usually in cryptocurrency, to ensure anonymity. If you do not comply, they will threaten to either destroy or release your data. 

Why You Should Never Interfere with Your Ransomware Environment 

If a break-in occurred at your office, you would immediately contact the police and avoid touching anything until they arrive, recognising the importance of preserving the scene for forensic investigation. 

The same principle applies in the case of a cyberattack. Your first step should be to contact forensic experts and ensure that the compromised system remains undisturbed. This is not a task for your internal IT team or managed service provider. Digital forensic specialists are available around the clock to assist in such situations. 

[Image: DragonForce screen on a PC monitor]

If your system is targeted by a DragonForce ransomware attack, you’ll likely find a ransom note on your system similar to the one shown.

DO NOT ATTEMPT TO INTERACT WITH, RESTORE, OR OVERWRITE ANY DATA.

What is DragonForce and What Does it Do?

First identified in November 2023, DragonForce is a relatively new ransomware strain responsible for several high-profile attacks against commercial organisations worldwide. Notable victims include Ohio Lottery, Yakult Australia, and Coca-Cola Singapore. 

DragonForce primarily engages in two key activities: executing crypto-ransomware attacks and trafficking stolen data. Additionally, the group has adopted double extortion tactics, where they both encrypt and exfiltrate data. If their ransom demands go unmet, they threaten to release the stolen data on their dark web leak site, DragonLeaks. 

While the identity of those behind DragonForce remains uncertain, the group has been seen using a leaked ransomware builder originally associated with the notorious LockBit ransomware gang. Some have speculated a connection to a Malaysian hacker group of the same name, though this has not been confirmed. 


How Does DragonForce Operate?

Double extortion is a malicious tactic employed by cybercriminals to heighten the urgency and severity of their demands. In this scheme, attackers not only encrypt the victim’s data but also threaten to expose or sell it unless their ransom is paid. 

This two-pronged approach intensifies the pressure on the targeted organisation, making it more likely they will comply with the extortion demands. 

How Long Has DragonForce Been Active, and How Many Attacks Have There Been? 

DragonForce was first identified in November 2023. Its origins remain unclear, and it is uncertain whether the group is a resurgence of a previous one or an entirely new entity.

What is certain is that since its emergence, DragonForce has reportedly targeted 226 victims. 

 

With round-the-clock availability every day of the year, Solace Cyber has delivered Digital Forensic Incident Response services across hundreds of successful recovery operations in Australia. 

Most Recent DragonForce Attacks
| Title | Available | Last visit | FQDN |
|---|---|---|---|
| DragonForce \| Leaks | Yes | 2026-02-24 02:03:37.634355 | http://dragonforxxbp3awc7mzs5dkswrua3znqyx5roefmi4smjrsdi22xwqd.onion |
| DragonForce \| Recovery | Yes | 2026-02-24 02:02:33.389109 | http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion |
| DragonForce \| Blog | Yes | 2026-02-24 02:01:23.969738 | http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog |

Solace Cyber’s track record includes hundreds of successful response recoveries, providing Digital Forensic Incident Response services, 24x7x365.

"Human error accounts for 88% of cybersecurity breaches, highlighting the need for comprehensive employee training."


Steps After a Security Breach 

When a cyber incident occurs, take these immediate actions: 

  • Contact your business insurance provider straight away 
  • Review your business continuity plan to determine which operations can continue without your usual systems and data 
  • Document the incident for regulatory compliance purposes 

Solace Cyber acts as your specialist digital forensics partner in Australia, helping restore normal operations swiftly. Our response includes: 

  • Securing and isolating your environment to preserve evidence for thorough forensic analysis 
  • Tracking down where your data has been copied and executing legal removal requests 
  • Mapping out recovery points for your data, applications and systems, then carefully reconstructing them in a secure, clean environment 
  • Coordinating directly with your insurance provider and law enforcement as required 
  • Providing guidance on customer communication regarding the incident 
  • Reconstructing your infrastructure, recovering your data and returning you to complete operational status 

Recovery timelines typically range from 2 weeks to 2 months, depending on the incident's scope. 

Ransom Groups Stats by Industry

[Figure: bar chart of critical infrastructure ransomware attacks, 2021]

Who Is Solace Cyber and What Experience Do They Have in Recovering from DragonForce Ransomware Attacks?

Solace Cyber delivers global risk and security services across Australia, specialising in travel, crisis support, and offshore risk management. The organisation runs a fully staffed security operations centre around the clock and maintains an internal intelligence unit that produces routine daily and weekly updates. The business is certified to ISO 27001, ISO 14001, ISO 45001, and ISO 9001 standards. 

Founded in the UK in 2021, Solace Cyber has grown its presence throughout Australia, concentrating on cyber incident handling, including digital forensics, incident response, ransomware events, information security, and wider risk management, supported by managed security services. The senior leadership team has more than two decades of combined experience across security and IT. 

Solace Cyber Stats


Successful breach recoveries

Users recovered in largest ransomware case
We have NEVER paid a ransom
Designed automation tools to reduce costs

%+

Incident Response delivered via our Insurance Partners

Why should I trust Solace Cyber to do this work rather than my IT team?

Specialist forensic investigation and secure restoration demand focused expertise that standard IT departments rarely possess. Your internal teams excel at day-to-day technology support, but ransomware response requires dedicated capabilities they typically lack. 

Consider these key challenges facing in-house teams: 

  • Most internal IT staff lack the specialised training needed to tackle advanced encryption attacks 
  • Pressure to resume operations quickly can lead teams to restore systems prematurely, compromising vital forensic evidence 
  • Without thorough investigation, recovery may reintroduce the same vulnerabilities, leaving your business exposed to repeated attacks 
  • The cybersecurity skills shortage intensified throughout 2022, with CSIRT* positions remaining critically understaffed 
  • Threat actors have become significantly more sophisticated since 2024 

We created Solace Cyber specifically to address ransomware incidents through our structured 6-phase methodology: 

  1. Triage
  2. Analysis
  3. Contain and Mitigate
  4. Remediate and Eradicate
  5. Recover
  6. Post-Incident Examination

Our comprehensive forensic investigation begins at phase 2, forming the foundation of your business continuity plan. This detailed analysis proves essential for: 

  • Pinpointing when the initial compromise occurred 
  • Mapping the full scope of system infiltration 
  • Assessing data theft implications for compliance requirements 
  • Guaranteeing complete removal of attacker access and malicious tools 

We execute our evidence examination according to a carefully structured protocol designed to identify root causes quickly. This discovery directly informs our eradication strategy and recovery plan, while building the evidence base for potential legal action. Through legal proceedings, we can help secure court orders preventing criminals from publishing your data, effectively nullifying their ransom demands. 

Throughout your incident response, our Digital Forensic and Incident Response specialists maintain continuous coordination. Your dedicated Incident Manager and technical leads deliver regular progress updates, manage risk documentation, and operate within your change control frameworks from initial triage through final recovery. 

Key Takeaways

  • System Access: Your systems and data will be inaccessible. 
  • Immediate Actions: Disconnect from the internet and power off all devices, including PCs, to limit further damage. 
  • Email and Communication Security: Your Office 365 account may be compromised, enabling attackers to monitor your communications. Refrain from using your primary email or team messaging systems. 
  • Pre-Attack Infiltration: Attackers often breach your system 2-4 weeks before the attack becomes noticeable, during which time your data could have already been extracted. 
  • Ransom Demands: Ransom requests may range between £500,000 and £3 million. 
  • Legal Implications: Paying the ransom could breach financial sanctions, potentially leading to criminal charges, fines, or imprisonment. 
  • Data Exposure: If your data is sold or publicly released, it jeopardises your customers and employees and constitutes a breach of data protection regulations. 
  • Data Takedown: You must request the removal of your data from its original location. 
  • Data Handling: Avoid overwriting encrypted data. Identifying the start of the infection and tracing the exfiltration of data is critical. 
  • Backup Restoration: Do not restore from your most recent backup, as it may be infected as well. 

How Can I Protect My Business from Future Ransomware Attacks?

At Solace Cyber, our support goes beyond just recovery. Once your operations are back up and running, we partner with you to strengthen your cybersecurity. Using a threat-informed approach, we apply our comprehensive framework to enhance your security posture. 

Frequently asked questions

Yes, DragonForce employs its own malware to lock victims out of their devices and the data stored on them, typically by encrypting files. The attackers then demand a ransom payment to decrypt the files and restore access. 

A DragonForce ransomware attack typically infiltrates a system through one of the following methods: 

  • Phishing emails 
  • Malicious web links 
  • Stolen credentials 
  • Failure to apply software updates 

To protect your business, we recommend implementing the following policies: 

  • Educate staff on cybersecurity best practices 
  • Use strong and unique passwords 
  • Enable multi-factor authentication 
  • Remove inactive users 
  • Conduct regular backups 
  • Apply software and system updates promptly 

After recovering from a DragonForce attack, Solace Cyber advises updating your business continuity plan to reflect the lessons learned during the incident and recovery process. 

Ransomware breaches typically cost businesses around £500K, while smaller email data breaches usually incur around £50K in expenses. A crucial decision arises between preserving the environment for forensic analysis and prioritising quick recovery to minimise operational disruptions. Delays in identifying and resolving breaches only increase the overall costs.

Cybersecurity insurance claims involve several factors, including costs for investigation, remediation, and coverage for legal matters, business interruptions, criminal liability, employment issues, and ransom payments. Although cyber insurance is critical for recovery, it is often considered unpredictable, and policies may require thorough validation. 

When facing the pressure of a ransomware attack, a critical choice must be made to avoid weeks of operational downtime, reputational damage, and loss of client data. However, the likelihood of a successful outcome without expert assistance is low, highlighting the necessity of engaging a specialist ransomware incident response team. They are your best option for managing the situation. 

Important Note: Paying individuals or groups subject to financial sanctions is a criminal offence. These sanctions lists are continuously updated. 

Yes, it is possible that some of the lost data includes "Personal Data" belonging to your customers. As safeguarding this data is a legal requirement, you must consider informing your customers. 

Your insurer or legal counsel will guide you on the necessary steps. Solace Cyber also has experience in working with insurers and legal advisors and can assist in managing these relationships during this challenging period. 

Your business operations may experience severe disruptions, including: 

  • Downtime: Your systems may be unavailable or operating at reduced capacity for an extended period, impacting productivity and revenue. 
  • Reputational Damage: Public awareness of the breach can undermine trust in your brand, leading to customer loss and difficulties in attracting new clients. 
  • Financial Losses: Beyond the immediate costs of remediation, there may be long-term financial implications, including lost sales, legal fees, and regulatory fines. 
  • Legal and Regulatory Challenges: Compliance obligations and legal proceedings may consume significant time and resources, hindering business operations further. 
  • Employee Morale and Productivity: Increased uncertainty and heavier workloads can lower team morale, affecting productivity and retention. 

To mitigate these effects, it is essential to have a robust incident response plan, including clear communication strategies, collaboration with cybersecurity experts, and measures to improve system resilience and data protection. Transparency with stakeholders and proactive efforts to rebuild trust will also help minimise long-term impacts on your business. 

Under Australian law, organisations experiencing ransomware attacks must report incidents to both the Australian Signals Directorate (ASD) and the Office of the Australian Information Commissioner (OAIC), particularly when personal information is compromised, ensuring regulatory compliance and coordinated national response. 

Contact Us

Suspect a Ransomware Incident?

Keep calm and step away from your systems. 

Avoid restoring files or altering data in any way, as doing so may complicate recovery efforts. 

Reach out to Solace Cyber now on +61 (0) 282 786100 or submit our contact form to have an expert return your call. 

We’ll take swift action to minimise downtime and restore stability to your operations. 


Solace Cyber helps companies across Australia recover from ransomware attacks and data breaches.


SOLACE CYBER LTD is registered in England & Wales no. 08830710

Incident Response Winner 2025

Solace Cyber

Zensec Ltd,
60 Martin Place,
Sydney,
NSW 2000

Telephone

Please note that calls may be recorded for security and training purposes.