Hacker 'turf war' unfolding as Russian DragonForce ransomware gang drama could lead to 'double extortions,' making life even worse for potential victims

laptop on fire
(Image credit: Shutterstock)

Ransomware is a powerful tool used by weak people to extract make-believe money, primarily used for dark web drug buys and Ponzi schemes, from organizations that haven't implemented proper security and backup protocols in the year 2025. It comes as no surprise, then, that drama between several "gangs" who rely on this involuntary encryption tool is reportedly set to make things even worse for potential victims.

The Financial Times today reported that DragonForce, "a group of largely Russian speaking cyber criminals behind a spate of high-profile attacks this year," has "begun a turf war with its rivals" that "could bring more hacks and further fallout for corporate victims." Why? Apparently, it's because a group called RansomHub "widened the services it offered and expanded its reach to attract more affiliate partners."

Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • Krasen007
    excuse me extract make-believe money?
    b it co i n is very real my friend... ( why is this censured? ?? ) ((is this why you said make-believe money?? are you internally censored?? )
    Reply
  • SomeoneElse23
    BTC is real, but it's not money.
    Reply
  • Notton
    Technically, no currency is real right now, they're all vibes based.
    crypto? digital vibes
    stocks? wallstreet bro vibes
    fiat currency? bankster vibes

    The only real currency is backed by gold.
    Reply
  • pmkoom
    This has to be written by a boomer...weak people and fake money? I say they are extremely powerful people and fake money I don't think so. Toms hardware wtfff
    Reply
  • circadia
    pmkoom said:
    This has to be written by a boomer...weak people and fake money? I say they are extremely powerful people and fake money I don't think so. Toms hardware wtfff
    in their defense, this article was written by a freelancer, so...

    and I wouldn't say ransomware groups are "powerful people", more like "knowledgeable people who end up commiting crime" or whatever.
    Reply
  • DS426
    Sophos noted in 2022 that the closure of the BlackMatter ransomware group hardly mattered: "Ransomware-as-a-service is simply the service. Affiliates who buy the service and do the actual hacking simply seek out new networks to affiliate with and continue with their crime sprees unabated. Meanwhile, the operators, or original creators, of the ransomware that 'closed,' will likely re-emerge under a new name."
    Yep. BlackMatter was a rebrand from Darkside. BlackMatter rebranded into a gang that was mentioned later in this article -- Blackcat/ ALPHV. ALPHV fragmented and rebranded in part to RansomHub. This is just how these things have gone with ransomware gangs since practically the beginning; eventually, too much law enforcement heat and/or in-fighting results in rebranding and fragmenting. This sort of thing also happens with non-ransomware cybercrime groups as well, like pure data extortionists, IAB's (initial access brokers), and so on.

    If we're lucky, the turf wars will result in the gangs going directly after each other until one is basically burned to the ground, but I wouldn't hold my breathe.
    Reply