Genevieve Stark, head of cybercrime evaluation at Google Risk Intelligence Group, stated DragonForce could possibly be making an attempt to draw RansomHub’s associates. The hacking group can be believed to be behind assaults on the pages of different rivals, together with BlackLock and Mamona, in accordance with Sophos.
Stark warned that regardless of the motive, the fallout brings with it an elevated threat of cyberattacks. “Instability throughout the extortion ecosystem can have severe implications for ransomware and knowledge theft extortion victims,” she stated.
Whereas double extortions stay uncommon, US firm UnitedHealth Group was the sufferer of 1 final yr as a consequence of a fallout between hacking teams.
In that case, RansomHub was approached by affiliate hacker group, Notchy, to attempt to extort a second ransom cost after an preliminary $22 million price was stolen by Notchy’s unique RaaS associate, which faked its disappearance in an effort to keep away from splitting the proceeds, in accordance with cybersecurity consultants.
An individual acquainted with the UnitedHealth hack stated a number of extortion makes an attempt had been commonplace in cyberattacks, however that follow-up makes an attempt had been typically opportunistic and lacked credibility.
Rafe Pilling, director of risk intelligence at Sophos, stated in a worst-case situation, the battle between DragonForce and RansomHub might see them each goal the identical sufferer in a battle for enterprise.
“Cybercriminals are a ruthless bunch, and a betrayal between companions may end up in a scenario the place the sufferer will get extorted twice,” he added.
The worldwide price of cybercrime is estimated to achieve $10 trillion in 2025, in accordance with Cybersecurity Ventures. The determine—which is up from $3 trillion in 2015—comes as hacker teams have more and more appeared to maximise revenue by their assaults.
DragonForce, which was first recognized in August 2023, listed a complete of 82 victims on its dark-web web site within the following 12 months, in accordance with cybersecurity agency Group-IB, whereas RansomHub—which additionally got here to prominence in 2023—reported about 500 victims on its web site in 2024.
Jake Moore, international cybersecurity adviser at ESET, warned that the volatility of the scenario might make firms’ defence and response ways extra weak.
“Bear in mind this can be a Wild West, lawless atmosphere the place regular competitors guidelines merely don’t apply,” he stated.
© 2025 The Monetary Occasions Ltd. All rights reserved. Please don’t copy and paste FT articles and redistribute by e mail or submit to the online.
