Cyber Threat Intelligence
DR

Dragonforce Ransomware

Active

Threat actor group tracked in the global ransomware database ยท Last disclosure: Apr 3, 2026

Ransomware-as-a-Service (RaaS) Double Extortion Target: Manufacturing
436
Total Victims
2.6% of all tracked
50
Countries Targeted
10
Sectors Targeted
2026
First Seen

Threat Actor Analysis

Dragonforce is a ransomware threat group that has disclosed 436 victims in publicly accessible leak site data, representing 2.6% of all ransomware attacks tracked in this database. The earliest victim disclosure attributed to Dragonforce in our dataset dates to March 2026.

Geographically, Dragonforce has targeted organisations in 50 countries. The most frequently targeted nation is United States with 190 victim organisations. Other heavily targeted nations include United Kingdom, Germany, Italy.

Industry-wise, Dragonforce shows a concentration in the Manufacturing, Technology, Construction sectors. These industries are frequently targeted because they manage sensitive data, critical operations, or have lower tolerance for operational downtime โ€” conditions that increase ransom payment likelihood.

Like most modern ransomware operations, Dragonforce likely employs a double extortion model: encrypting victim files while simultaneously exfiltrating data, creating dual pressure to pay the ransom. Victim organisations that refuse payment face having their data published on the group's dark web leak site.

Note: This profile is generated from public leak site disclosures aggregated via the ransomware.live API. Data is updated automatically. The victim table below shows the 45 most recent cached victims; the total victim count (436) reflects the complete database.

Recent Victim Disclosures (45 cached of 436 total)

# Organization Country Sector Date
1
Asmar Schor & McKenna
asm-law.com 		๐Ÿ‡บ๐Ÿ‡ธ United States โ€” Apr 3, 2026
2
singita.com
singita.com 		๐Ÿ‡ฟ๐Ÿ‡ฆ South Africa Hospitality and Tourism Apr 2, 2026
3
cesimaging.com
cesmn.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Technology Apr 2, 2026
4
jbrand.co.uk
www.jbrand.co.uk 		๐Ÿ‡ฌ๐Ÿ‡ง United Kingdom โ€” Apr 2, 2026
5
acmealliance.com
www.acmealliance.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Manufacturing Apr 2, 2026
6
northstarmetal.com
northstarmetal.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Manufacturing Apr 2, 2026
7
kleankanteen.com
kleankanteen.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Consumer Services Apr 2, 2026
8
bunch.ca
bunch.ca 		๐Ÿ‡จ๐Ÿ‡ฆ Canada โ€” Apr 2, 2026
9
sutex.com
sutex.com 		๐Ÿ‡จ๐Ÿ‡ณ China โ€” Apr 2, 2026
10
fhw-neukoelln.de
fhw-neukoelln.de 		๐Ÿ‡ฉ๐Ÿ‡ช Germany โ€” Apr 2, 2026
11
greenwayfence.com
greenwayfence.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Construction Apr 2, 2026
12
congoleum.com
congoleum.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Manufacturing Apr 2, 2026
13
atpkg.com
www.atpkg.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Technology Apr 2, 2026
14
Fountain
fountain.eu 		โ€” โ€” Apr 1, 2026
15
Elara Engineering
elaraeng.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Construction Apr 1, 2026
16
blossmangas.com
www.blossmangas.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Energy Apr 1, 2026
17
First Trinity Financial
firsttrinityfinancial.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Financial Services Apr 1, 2026
18
Alliance Select Foods International
allianceselectfoods.com 		๐Ÿ‡ต๐Ÿ‡ญ Philippines Agriculture and Food Production Mar 29, 2026
19
Edward Beiner
www.edwardbeiner.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Consumer Services Mar 27, 2026
20
STS Travel
ststravel.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Hospitality and Tourism Mar 27, 2026
21
Groupe Courtois Automobiles
groupe-courtois.fr 		๐Ÿ‡ซ๐Ÿ‡ท France Consumer Services Mar 27, 2026
22
Durable Superior Casters
durablesuperior.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Manufacturing Mar 26, 2026
23
ssp-ce.de
ssp-ce.de 		๐Ÿ‡ฉ๐Ÿ‡ช Germany Technology Mar 26, 2026
24
kalimaresort.com
www.kalimaresort.com 		๐Ÿ‡ฌ๐Ÿ‡ท Greece Hospitality and Tourism Mar 26, 2026
25
pridesol.com
pridesol.com 		BD Technology Mar 26, 2026
26
M3 Group
m3group.biz 		LU โ€” Mar 24, 2026
27
Edifice Design + Architecture
www.edificedna.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Construction Mar 20, 2026
28
The Farese Group
www.faresegroup.com 		๐Ÿ‡บ๐Ÿ‡ธ United States โ€” Mar 20, 2026
29
sopower.com
www.sopower.com 		๐Ÿ‡ฏ๐Ÿ‡ต Japan Energy Mar 20, 2026
30
liverpoolphil.com
www.liverpoolphil.com 		๐Ÿ‡ฌ๐Ÿ‡ง United Kingdom โ€” Mar 20, 2026
31
centreconcrete.com
www.centreconcrete.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Construction Mar 20, 2026
32
theunlimited.co.za
www.theunlimited.co.za 		๐Ÿ‡ฟ๐Ÿ‡ฆ South Africa Financial Services Mar 20, 2026
33
wardencc.com
wardencc.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Technology Mar 20, 2026
34
odayequipment.com
odayequipment.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Transportation/Logistics Mar 20, 2026
35
Oriska Insurance
www.oriskainsurance.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Financial Services Mar 20, 2026
36
Mercedes-Benz of Arlington
justmercedes.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Consumer Services Mar 19, 2026
37
vatractor.com
www.vatractor.com 		๐Ÿ‡บ๐Ÿ‡ธ United States โ€” Mar 19, 2026
38
Health Management Systems
hms.com.au 		๐Ÿ‡บ๐Ÿ‡ธ United States Healthcare Mar 19, 2026
39
gasteiger.design
gasteiger.design 		๐Ÿ‡ฉ๐Ÿ‡ช Germany โ€” Mar 18, 2026
40
Construction Equipment Parts
ceparts.com 		โ€” Manufacturing Mar 18, 2026
41
Dynex/Rivett
dynextechnologies.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Manufacturing Mar 18, 2026
42
Flexform
www.flexform.it 		๐Ÿ‡ฎ๐Ÿ‡น Italy Manufacturing Mar 18, 2026
43
HARTMANN BAU
hartmann-bau.ch 		๐Ÿ‡ฉ๐Ÿ‡ช Germany Construction Mar 18, 2026
44
Conrad Capital Management
conradcapital.com 		๐Ÿ‡บ๐Ÿ‡ธ United States Financial Services Mar 18, 2026
45
bestgraphics.net
bestgraphics.net 		โ€” Technology Mar 17, 2026
View all Dragonforce victims in the full database โ†’

Frequently Asked Questions

What is Dragonforce ransomware?

Dragonforce is a ransomware threat group that has claimed 436 victims since its first known activity in March 2026. The group operates by infiltrating target networks, exfiltrating data, encrypting files, and threatening to publish stolen data on a dark web leak site if the ransom is not paid.

How many victims has Dragonforce attacked?

Dragonforce has claimed 436 victims in our database, representing 2.6% of all tracked ransomware attacks. The most targeted countries are United States, United Kingdom, Germany, Italy.

Which countries does Dragonforce target?

Dragonforce has attacked organizations in 50 countries. The top targeted countries are: United States, United Kingdom, Germany, Italy.

Which industries does Dragonforce target?

Dragonforce most frequently targets the Manufacturing, Technology, Construction sectors based on victim disclosures in our database.

Is Dragonforce still active?

Dragonforce's most recent victim disclosure in our database was on April 3, 2026. Ransomware groups frequently rebrand or go dormant; monitor this page and our ransomware map for the latest activity.