Genevieve Stark, head of cybercrime evaluation at Google Menace Intelligence Group, mentioned DragonForce could possibly be making an attempt to draw RansomHub’s associates. The hacking group can be believed to be behind assaults on the pages of different rivals, together with BlackLock and Mamona, based on Sophos.
Stark warned that regardless of the motive, the fallout brings with it an elevated danger of cyberattacks. “Instability inside the extortion ecosystem can have severe implications for ransomware and knowledge theft extortion victims,” she mentioned.
Whereas double extortions stay uncommon, US firm UnitedHealth Group was the sufferer of 1 final yr as a consequence of a fallout between hacking teams.
In that case, RansomHub was approached by affiliate hacker group, Notchy, to attempt to extort a second ransom cost after an preliminary $22 million charge was stolen by Notchy’s unique RaaS associate, which faked its disappearance as a way to keep away from splitting the proceeds, based on cybersecurity specialists.
An individual conversant in the UnitedHealth hack mentioned a number of extortion makes an attempt have been commonplace in cyberattacks, however that follow-up makes an attempt have been usually opportunistic and lacked credibility.
Rafe Pilling, director of risk intelligence at Sophos, mentioned in a worst-case situation, the battle between DragonForce and RansomHub might see them each goal the identical sufferer in a battle for enterprise.
“Cybercriminals are a ruthless bunch, and a betrayal between companions can lead to a state of affairs the place the sufferer will get extorted twice,” he added.
The worldwide value of cybercrime is estimated to achieve $10 trillion in 2025, based on Cybersecurity Ventures. The determine—which is up from $3 trillion in 2015—comes as hacker teams have more and more seemed to maximise revenue by their assaults.
DragonForce, which was first recognized in August 2023, listed a complete of 82 victims on its dark-web web site within the following 12 months, based on cybersecurity agency Group-IB, whereas RansomHub—which additionally got here to prominence in 2023—reported about 500 victims on its web site in 2024.
Jake Moore, world cybersecurity adviser at ESET, warned that the volatility of the state of affairs might make corporations’ defence and response ways extra susceptible.
“Bear in mind it is a Wild West, lawless setting the place regular competitors guidelines merely don’t apply,” he mentioned.
© 2025 The Monetary Occasions Ltd. All rights reserved. Please don’t copy and paste FT articles and redistribute by e mail or submit to the online.
