Pierluigi Paganini
February 27, 2025
DragonForce ransomware has recently been reported to target organizations in the Kingdom of Saudi Arabia (KSA). A significant incident identified by Resecurity involved a data leak from a prominent real estate and construction company in Riyadh, which has projects with major conglomerates in the energy, oil and gas, government, and defense sectors.
This ransomware attack is part of a broader trend of cyber threats facing the region, particularly against critical infrastructure and major corporations. The new incident is an important signal to local law enforcement and the cybersecurity community, as new victims will soon appear in the MENA region. The attack will likely expand beyond the MENA region as their techniques prove effective.
It is the first time the ransomware gang has targeted a large KSA enterprise entity. According to claims made by the actors, the total volume of exfiltrated data exceeds 6 TB. Notably, the target and timing were not chosen randomly. Initially announced on February 14, 2025, DragonForce started to extort the victim to pay to prevent the publication of stolen data. The deadline was set for one day before Ramadan begins on February 28, 2025.
“As soon as the deadline had been reached, DragonForce released the leaked data consisting of over 6 TB of files, which included internal and confidential documents related to the operations and clients of the company. Typically, the group created a dedicated URL for this that was different from the official DLS site.” reads the report published by Resecurity.
The targeting of KSA by ransomware groups like DragonForce raises concerns about the security of critical infrastructure in the region. Resecurity and other cybersecurity experts warn that such attacks will have severe implications for the affected companies, national security, and economic stability.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, DragonForce ransomware)
