The DragonForce ransomware group emerged around 2023 and is notable for blending financially motivated ransomware activity with hacktivist-style messaging. The group has claimed ideological motives in some campaigns, but its operations largely align with conventional ransomware goals: extorting organizations for payment. DragonForce has targeted a mix of government-linked entities, critical infrastructure, and private sector organizations, particularly in regions tied to its stated political narratives.

DragonForce uses data encryption combined with extortion, and in several cases has threatened or carried out public data leaks to increase pressure on victims. Initial access methods are consistent with common ransomware tactics, including exploitation of exposed services, compromised credentials, and phishing, followed by rapid lateral movement within victim environments.

Technically, DragonForce relies on standard ransomware tooling rather than novel exploits, focusing on disabling backups and security controls before execution.