
DEVMAN Ransomware: Analysis of New DragonForce Variant

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A new ransomware strain resembling DragonForce but with unique traits has emerged, possibly connected to an entity called DEVMAN. The sample reuses DragonForce code but adds its own elements, including the .DEVMAN file extension. Attribution is unclear, as the ransom note is identical to DragonForce's. The malware operates offline, probes for SMB connections, and uses three encryption modes. It exhibits different behaviors on Windows 10 and 11, particularly in changing wallpapers. The ransomware encrypts its own ransom notes, likely due to a builder flaw. DEVMAN claims to have stopped using DragonForce months ago, suggesting this may be an experimental or outdated build.

OPENCTI LABELS :

ransomware,raas,conti,dragonforce,mamona,blacklock,devman

