The DragonForce Cartel: Scattered Spider at the Gate

The DragonForce Cartel: Scattered Spider at the Gate www.acronis.com/en/tru/po… The Acronis Threat Research Unit has analyzed recent activity linked to the DragonForce ransomware group and identified a new malware variant circulating in the wild. The sample leverages vulnerable drivers — including truesight.sys and rentdrv2.sys — to disable security tools, terminate protected processes and correct encryption flaws previously associated with the Akira ransomware family. The revised encryption scheme appears to resolve weaknesses highlighted in a Habr article referenced on DragonForce’s leak site. DragonForce recently announced a rebrand, positioning itself as a cartel. The model offers affiliates eighty per cent of profits, customizable encryptors and shared infrastructure, lowering entry barriers and driving broader participation. Activity has increased accordingly, with more global attacks reported compared to one year ago. The group has been publicly linked to a notable incident involving retailer Marks & Spencer in collaboration with Scattered Spider. The blog provides a technical analysis of the new ransomware variant and additional context on DragonForce’s operational evolution and affiliations.