DragonForce Ransomware Evolves with BYOVD Techniques

Cyber Security News by CyberSum.net
The Acronis Threat Research Unit has identified a new DragonForce ransomware variant that uses Bring Your Own Vulnerable Driver (BYOVD) techniques to disable security software. The updated malware addresses previous encryption flaws and showcases a dramatic evolution in technical sophistication. Originally emerging in 2023, DragonForce rebranded itself as a cartel, attracting affiliates with customizable encryptors and infrastructure access. The group has become more aggressive, increasing global victim postings and expanding collaborations. Its most prominent campaign involved a joint attack on a major retailer alongside the Scattered Spider intrusion group. Acronis notes the inclusion of an encrypted configuration file and the use of vulnerable drivers to forcibly kill antivirus and EDR software.