This interview provides a detailed look at Dragon Ransomware, a group active in the cybercrime landscape that combines a defined organizational structure with advanced technological expertise. Their statements shed light on operational elements and motivations that help to better understand the internal dynamics of these illicit activities. Dragon RaaS (Ransomware-as-a-Service) officially began operations on July 9, 2024. Unlike conventional ransomware groups driven primarily by economic gains or political goals, Dragon positions itself as a revolutionary entity in the field of cybersecurity. The group claims to pursue a mission combining “social justice” and resistance to economic exploitation, targeting powerful entities while protecting the vulnerable.
This declared ethos sets them apart from other actors in the field, framing their actions within a controversial narrative of “cyber resistance.” Specifically, they describe themselves as defenders of marginalized communities, citing injustices faced by civilians in the Gaza Strip as a principal driver of their activities. From a technical perspective, Dragon Ransomware demonstrates significant expertise in hacking, social engineering, and programming in languages such as C and Python. Their encryption techniques, which combine AES-CBC 256 and RSA algorithms, establish a highly secure framework that prevents data recovery without their cooperation.
Unlike many ransomware groups that rely on tools procured from black markets, Dragon Ransomware develops proprietary technologies exclusively. This approach minimizes external vulnerabilities, ensuring greater operational security. Their internal suite of tools reflects a commitment to technical rigor, further distinguishing them from less sophisticated competitors. A unique aspect of Dragon Ransomware is their stated approach to victim selection. The group claims to follow strict criteria, avoiding hospitals, humanitarian organizations, and entities where attacks could endanger human lives. While this ethical code is fraught with moral ambiguity, it is presented as an integral part of their identity.
Dragon Ransomware emphasizes its operational independence, rejecting collaborations with other cybercriminal groups or organizations. According to their statements, this autonomy is crucial for preserving the integrity and effectiveness of their operations. They also claim to adapt quickly to countermeasures implemented by governments and companies. This ongoing evolution of tactics and resources reflects their strategic capability and strengthens their resilience in the face of increasing global scrutiny.
In their interactions with victims, the group prioritizes credibility. They assert that they avoid making false promises or disseminating inaccurate data. By adhering to these principles, they aim to establish themselves as “reliable” actors within their illicit domain, thereby maintaining control over negotiation processes. Currently, the group communicates via Telegram as a temporary measure while developing a dedicated Onion website. This focus on communication strategy highlights their meticulous planning and adaptability.
While the group’s statements present a compelling narrative about their operations, it is essential to approach them with skepticism. Their activities remain unequivocally illegal and harmful, regardless of their declared motivations or ethical considerations. What emerges is a multifaceted portrait of Dragon Ransomware: a group combining advanced technological capabilities with an ideological mission, positioning itself as a controversial force in the evolving global cybercrime landscape.
The following interview delves deeper into their structure, strategies, and ambitions, offering further insights into the role they seek to carve out in this dark domain.
Note: The Dragon Ransomware group has no direct or indirect connection to the DragonForce group. Here is their response when we asked:
SuspectFile.com: Does Dragon Ransomware have any direct or indirect connection with the DragonForce ransomware group?
Dragon Ransomware: We confirm that our team works completely independently and is not connected to any other group.
SuspectFile.com: When was the Dragon Ransomware group actually formed, and what was your first significant operation?
Dragon Ransomware: DragonRaaS Group was officially founded on July 9, 2024. From the beginning, our vision has been to defend vulnerable communities and challenge global economic dominance. Our first notable operation was to target Israeli companies, as we wanted to send a clear message that the exploitation of people will not go unanswered. This operation heralded the birth of a new force in the world of cybersecurity, a force that redefines the balance of power between the rich and the oppressed.
SuspectFile.com: Did the Dragon Ransomware group originate from the dissolution or reorganization of other groups? If so, which ones?
Dragon Ransomware: Indeed, DragonRaaS arose from the breakup and reconstitution of some earlier groups, such as Stormous and other entities that were interested in hacking fields. But unlike those groups, we have built a unique identity and a new vision that combines advanced skills with ethical values that set us apart.
SuspectFile.com: What skills or prior experiences contributed to the formation of your group?
Dragon Ransomware: Our team consists of individuals with extensive experience in areas such as advanced hacking, social engineering, and programming in multiple languages such as C and Python. These skills have enabled us to build advanced tools and technologies that are unmatched by any other group. Each member of the team has his own role, which enhances our efficiency and makes us able to face the most difficult challenges.
SuspectFile.com: Are you motivated politically, economically, or is there another ideology driving your actions?
Dragon Ransomware: We are not directly politically motivated, but we undoubtedly stand with marginalized communities. Our primary motive is to correct social injustice and restore balance between classes. We do not serve personal interests or political ideologies, but rather work for a humanitarian vision that aims to achieve justice for suffering people.
SuspectFile.com: What is the main message you want to convey through your activities?
Dragon Ransomware: Our message is clear and strong: we are here to stand against the rich and big corporations who continue to exploit resources while ignoring the suffering of the poor. We are the voice of the oppressed, and the force that seeks justice when traditional systems fail.
SuspectFile.com: How does Dragon Ransomware differentiate itself from other active ransomware groups?
Dragon Ransomware: What makes us special is technical excellence, strategic planning, and ethical commitment. Our tools are programmed internally in ways that ensure high efficiency, and we choose our targets carefully. We’re not just an ordinary ransomware group; we are a force that is redefining the concept of this field, leveraging our experience and dedication to achieve our goal.
SuspectFile.com: How do you select your victims? Do you follow specific criteria?
Dragon Ransomware: We target institutions and companies, while fully adhering to our ethical standards. We refuse to target hospitals, humanitarian organizations, or any facilities that might endanger the lives of innocent people. Our goal is to deliver effective strikes against companies that exploit influence and drain people’s resources.
SuspectFile.com: Do you focus your operations on specific sectors, geographical regions, or company sizes?
Dragon Ransomware: Our operations are not limited to a specific region; the Internet is our arena. We target companies with strong economic influence, regardless of where they are located, with a focus on medium and large enterprises that play a major role in resource exploitation.
SuspectFile.com: What is your approach when a victim refuses to pay the ransom?
Dragon Ransomware: When the victim refuses to pay the ransom, we publish or sell his or her data to interested parties. But we always make sure to maintain our credibility; the data we obtain is real, and our work is done with complete professionalism to ensure the loss of the victim in a way that reinforces our message.
SuspectFile.com: Can you describe in detail the type of encryption you use in your attacks?
Dragon Ransomware: We use a complex encryption system based on AES-CBC 256 and RSA. Files are encrypted with a symmetric key, and the private key for decryption is encrypted with a public key. This way, the victim cannot recover his or her data without access to our private key, making the decryption process impossible without our cooperation.
SuspectFile.com: What are the most common vulnerabilities you exploit to penetrate victims’ systems?
Dragon Ransomware: We target technical vulnerabilities in systems, such as vulnerabilities in SMB protocols, as well as human vulnerabilities using social engineering techniques.
SuspectFile.com: Do you use attack tools or methods developed in-house, or do you rely on kits available on the black market?
Dragon Ransomware: All of our tools are programmed in-house. We don’t trust the tools available on the black market; developing our tools gives us full control over our operations and ensures that there are no vulnerabilities that could be exploited against us.
SuspectFile.com: Does Dragon Ransomware collaborate with other ransomware groups or criminal organizations? If so, how?
Dragon Ransomware: We do not cooperate with any third parties. We do not need anyone, and we believe that any cooperation with other groups may jeopardize our efficiency or our goals.
SuspectFile.com: How do you organize internally? Is there a hierarchical structure within your group?
Dragon Ransomware: We have an internal hierarchical structure that ensures coordination and harmony among team members. Yes, there are leaders, assistants, and ordinary members, but we work together to achieve our goals.
SuspectFile.com: Is there a connection between Dragon Ransomware and data brokers or initial access providers?
Dragon Ransomware: We do not have any relationships with data brokers or primary access providers. We rely only on ourselves and our advanced methods.
SuspectFile.com: How do you adapt to increasingly sophisticated countermeasures adopted by companies and authorities?
Dragon Ransomware: We are constantly improving our technology to keep up with the latest security measures. With every new security advance, we find ways to exploit vulnerabilities and efficiently bypass these measures.
SuspectFile.com: What do you think about governmental and international measures against ransomware, such as collaboration between states and law enforcement?
Dragon Ransomware: We believe that these measures are insufficient. Even with the arrest of some groups, this will not prevent the emergence of new, more powerful and dangerous groups. The problem lies in the inability of governments to deal with the real roots of the problem.
SuspectFile.com: Do you have an internal ethical code? Are there victims you consider “off-limits,” such as hospitals or humanitarian organizations?
Dragon Ransomware: Yes, we have strict ethical standards. We do not target hospitals or humanitarian organizations. On the contrary, we help these organizations strengthen their cybersecurity if we can. We believe that innocent lives are not a tool for negotiation.
SuspectFile.com: How do you respond to those who define you as mere criminals? How would you like your actions to be perceived?
Dragon Ransomware: We respond that the world is full of injustice and exploitation. Governments and big companies practice their theft through legal means, and we do what we do to defend the rights of the poor and vulnerable. We are revolutionaries working to achieve justice, not just criminals as they claim.
Now, some questions we ask every group we interview:
SuspectFile.com: SuspectFile.com has reviewed hundreds of negotiation chats from various groups. In some cases, communication issues arose during negotiations. The victim requested concrete proof of data or file loss, but the operator could not respond because all the data was in the hands of the affiliate who targeted the victim. Don’t you think such situations can undermine the trust and credibility of a ransomware group?
Dragon Ransomware: Credibility is an essential part of our strategy. We don’t promise anything unless we deliver. Therefore, we have not encountered any complaints of exploitation or deception of victims. We believe that trust is an integral part of our strength.
SuspectFile.com: Do you believe, as some other groups do, that a security company, which businesses rely on as a “negotiator,” will eventually reach a secret agreement with a ransomware group? Has this ever happened to you?
Dragon Ransomware: This has never happened with us, and we do not believe such agreements are consistent with our principles or goals.
SuspectFile.com: Beyond money and your skills, what are the reasons, if any, that led you to take this path in life?
Dragon Ransomware: What motivated us was seeing the rampant injustice worldwide. We stand with the people whose rights and resources are being stolen by unjust regimes. Our decision was clear; we will not stand idly by while this exploitation continues. The fuse for the fire was the brutal targeting and genocide of innocent people in Gaza by the US and Israel. We will not stand idly by while children, women and men die every day in order to secure the presidential chairs. We reject the support with bombs and missiles from the US, Germany, Britain and France for Israel in order to kill weak peoples. We are from the community and we will continue to stand with weak communities and help them rise and resist corrupt governments.