Find notable cyber news and cases, enriched with sources, timelines, and signals.

DragonForce shifts ransomware-as-a-service into a cartel-style affiliate umbrella

Threat Actor Meta
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

DragonForce has shifted into a cartel-style ransomware-as-a-service model, letting affiliates launch their own brands while sharing a common umbrella. That change expands coordination and resource sharing across the ransomware ecosystem, making attacks harder to contain. The group’s new structure also supports data-audited extortion, helping operators tune ransom pressure with more precision. The result is a more organized and scalable criminal model that can raise risk for enterprise victims.

Related Happenings

Qilin consolidates into dominant RaaS position as ransomware market reconcentrates

Threat Actor Meta
H score39 First: 03.07.2026 16:00 Last: 03.07.2026 16:00 Sources 1

About this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...

INC ransomware group’s RaaS expansion and victim growth in 2026

Threat Actor Meta
H score45 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: **INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...

DragonForce / Hackledorb pivots from RaaS to a formalized cartel structure

Threat Actor Meta
H score26 First: 18.06.2026 16:30 Last: 18.06.2026 16:30 Sources 1

About this happening: **Hackledorb** has **pivoted DragonForce** from a conventional **ransomware-as-a-service (RaaS)** model into a **formalized cartel structure**, signaling a more organized and dura...

Phantom Mantis shifts The Gentlemen into an independent ransomware partnership program

Threat Actor Meta
H score24 First: 11.06.2026 19:50 Last: 11.06.2026 19:50 Sources 1

About this happening: **Phantom Mantis** moved **The Gentlemen** from dependence on other ransomware ecosystems into an **independent partnership program**, expanding its operational autonomy and affil...

The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth

Threat Actor Meta
H score26 First: 10.06.2026 17:03 Last: 10.06.2026 17:03 Sources 1

About this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...

Timeline

  1. 05.02.2026 00:14 2 articles · 5mo ago

    DragonForce adopts cartel-style ransomware model

    Campaign Scope Update

    DragonForce shifts its ransomware-as-a-service into a cartel-like umbrella where affiliates can run their own brands while sharing petabytes of storage, 24/7 server monitoring, professional file analysis and decryption services, dry runs, test attacks, and a Company Data Audit that helps tune ransom pressure; the group also launches automated affiliate signup without vetting or initial deposits, and LevelBlue says the ransomware overlaps with leaked Conti source code features such as deleting shadow copies, scanning SMB ports, and using multithreading across Windows, Linus, and ESXi.

    Show sources