Threat Database Ransomware DragonForce Ransomware

DragonForce Ransomware

The DragonForce Ransomware is harmful software. It was designed to encrypt files on a victim's computer, rendering them out of reach until a ransom is paid. This ransomware is particularly notable for adding the .'dragonforce_encrypted' file extension to the names of the encrypted files. Additionally, it leaves behind a ransom note named 'readme.txt,' which instructs the victims on how to regain access to their files.

How the DragonForce Ransomware Operates

  1. Infiltration: The DragonForce Ransomware typically infiltrates a system through phishing emails, fraudulent downloads or exploiting vulnerabilities in outdated software.
  2. Encryption: Once inside, the ransomware scans the system for files to encrypt. It can affect a wide range of file types to maximize damage and ensure the victim's cooperation.
  3. File Extension: Each affected file receives the '.dragonforce_encrypted' extension after encryption. For example, a file named document.docx would be renamed to document.docx.dragonforce_encrypted.
  4. Ransom Note: The ransomware generates a ransom note named 'readme.txt' in various directories on the infected system. This note provides instructions on how to contact the attackers and how to pay the ransom.

Contents of the Ransom Note

The 'readme.txt' file typically includes the following information:

  • Notification of Encryption: A statement that the victim's files have been encrypted and cannot be accessed.
  • Ransom Demand: While the note does not specify the ransom amount, it informs the victim that they must pay a ransom to decrypt their files.
  • Contact Methods: Instructions to contact the attackers via a Tor website or Tox chat for further details on the ransom amount and payment process.

Recommended Steps When Infected by Ransomware

Being infected by ransomware can be a stressful experience, but it's crucial to respond calmly and methodically. Here are the steps to take:

  1. Isolate the Infected System: Immediately disconnect the infected PC from the network (both wired and wireless) to prevent the ransomware from spreading to other devices.
  2. Do Not Pay the Ransom: Cybersecurity experts generally advise against paying the ransom. Paying does not mean that the attackers will decrypt your files, and it also encourages further criminal activity.
  3. Identify the Ransomware: Determine the specific strain of ransomware. There are tools that can help identify the ransomware based on the ransom note and encrypted file extension.
  4. Report the Attack: Report the incident to local law enforcement and cybercrime authorities. In the U.S., this would be the FBI's Internet Crime Complaint Center (IC3).
  5. Seek Professional Help: Consult with cybersecurity professionals who can assist in the recovery process. They may be able to decrypt your files or provide other solutions.
  6. Restore from Backup: If you have a recent backup of your data that has not been compromised, you can restore your files from there. Ensure the backup is clean before restoring.
  7. Use Decryption Tools: Free decryption tools are sometimes available for specific ransomware strains.
  8. Clean the System: Use reputable anti-malware software to scan and clean your system of any remaining ransomware components. This step is essential to prevent reinfection.
  9. Update and Patch: Make sure your software and operating system are up to date with the latest security patches. This helps prevent future infections.
  10. Implement Strong Security Practices:
    • Use strong, unique passwords for all accounts.
    • Enable two-factor authentication where possible.
    • Regularly back up your data to an independent drive or cloud storage.
    • Be attentive to email attachments and links from unknown sources.
    • Educate yourself and your employees about phishing and other social engineering attacks.

The DragonForce Ransomware is a potent threat that can cause significant disruption and data loss. Understanding how it operates and knowing the correct steps to take when infected can mitigate the damage and improve the chances of recovering your data. Always prioritize preventive measures and maintain regular backups to safeguard against such attacks.

Below, you will find the full-text of the DragonForce Ransomware random message:

'Your files have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay.

--- Our communication process:

1. You contact us.
2. We send you a list of files that were stolen.
3. We decrypt 1 file to confirm that our decryptor works.
4. We agree on the amount, which must be paid using BTC.
5. We delete your files, we give you a decryptor.
6. We give you a detailed report on how we compromised your company, and recommendations on how to avoid such situations in the future.
--- Client area (use this site to contact us):

Link for Tor Browser: -
>>> Use this ID: 5259BC46FA73563564AA07A84EC63608   to begin the recovery process.

* In order to access the site, you will need Tor Browser,
  you can download it from this link: hxxps://

--- Additional contacts:

Support Tox: 1C054B722BCBF41A918EF3C485712742088F5C3E81B2FDD91ADEA6BA55F4A856D90A65E99D20

--- Recommendations:

DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.

--- Important:

If you refuse to pay or do not get in touch with us, we start publishing your files.
12/07/2024 00:00 UTC the decryptor will be destroyed and the files will be published on our blog.

Blog: -

Sincerely, 01000100 01110010 01100001 01100111 01101111 01101110 01000110 01101111 01110010 01100011 01100101'


Most Viewed