![Apple Drops New Immersive Adventure Episode for Vision Pro: 'Hill Climb' [Video]](https://www.iclarified.com/images/news/97133/97133/97133-640.jpg)
![Most iPhones Sold in the U.S. Will Be Made in India by 2026 [Report]](https://www.iclarified.com/images/news/97130/97130/97130-640.jpg)
![This new Google TV streaming dongle looks just like a Chromecast [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/04/thomson-cast-150-google-tv-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Hostinger Horizons lets you effortlessly turn ideas into web apps without coding [10% off]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/04/IMG_1551.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
_Olekcii_Mach_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![[FREE EBOOKS] AI and Business Rule Engines for Excel Power Users, Machine Learning Hero & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
DragonForce and Anubis Ransomware Operators Unveils New Affiliate Models
Despite significant disruptions by international law enforcement operations targeting major ransomware schemes, cybercriminal groups continue demonstrating remarkable adaptability in 2025. Two noteworthy ransomware operations, DragonForce and Anubis, have introduced innovative affiliate models designed to expand their reach and increase profitability in the ever-evolving cybercrime landscape. DragonForce, which emerged in August 2023 as a traditional ransomware-as-a-service […] The post DragonForce and Anubis Ransomware Operators Unveils New Affiliate Models appeared first on Cyber Security News.
Despite significant disruptions by international law enforcement operations targeting major ransomware schemes, cybercriminal groups continue demonstrating remarkable adaptability in 2025.
Two noteworthy ransomware operations, DragonForce and Anubis, have introduced innovative affiliate models designed to expand their reach and increase profitability in the ever-evolving cybercrime landscape.
.webp)
DragonForce, which emerged in August 2023 as a traditional ransomware-as-a-service (RaaS) operation, began advertising on underground forums in February 2024.
By March 2025, their victim count had grown to 136 organizations listed on their leak site.
The group recently rebranded itself as a “cartel” and announced a shift to a distributed model allowing affiliates to create their own customized “brands” while leveraging DragonForce’s infrastructure.
Secureworks Counter Threat Unit (CTU) researchers identified that Anubis, another emerging threat, first appeared on underground forums in late February 2025 with a different approach to affiliate recruitment.
Unlike traditional ransomware operations focused solely on encryption, Anubis offers three distinct extortion options with varying profit-sharing models, significantly diversifying their attack methodology and potential victim impact.
.webp)
The ransomware landscape continues to present significant threats to organizations across sectors.
These new affiliate models demonstrate how threat actors adapt their business practices to maintain profitability as victims become more resistant to paying ransoms, potentially leading to more sophisticated and persistent attack campaigns.
Anubis’s Three-Tiered Extortion Approach
Anubis distinguishes itself with three distinct operational modes designed to appeal to different types of affiliates.
The first follows the traditional RaaS model involving file encryption, offering affiliates 80% of ransom payments.
The second option, termed “data ransom,” focuses exclusively on data theft without encryption, providing affiliates with 60% of payments.
The third and most innovative approach, “accesses monetization,” assists threat actors in extracting ransoms from victims they’ve already compromised, offering affiliates 50% of collected funds.
The “data ransom” methodology involves publishing detailed “investigative articles” about victims’ sensitive data on password-protected Tor websites.
Victims receive access to review these articles and negotiate payments. Should victims refuse to pay, Anubis escalates pressure through multiple channels, including publishing victim names via X (formerly Twitter) and notifying customers.
Most notably, Anubis threatens to report non-compliant victims to regulatory authorities including the UK Information Commissioner’s Office, U.S. Department of Health and Human Services, and the European Data Protection Board.
This regulatory reporting tactic, while not entirely unprecedented, represents a significant escalation in extortion techniques.
In November 2023, the GOLD BLAZER threat group reported an ALPHV (BlackCat) compromise to the U.S. Securities and Exchange Commission after a victim refused payment, demonstrating the growing sophistication of pressure tactics in the ransomware ecosystem.
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy
The post DragonForce and Anubis Ransomware Operators Unveils New Affiliate Models appeared first on Cyber Security News.
