Report: LockBit, Qilin, DragonForce join forces as ransomware cartel


It’s not exactly clear what the impact is going to be, but the announcement by LockBit, DragonForce, and Qilin – three of the biggest names in the world of ransomware and data extortion – certainly sounds menacing.

According to security vendor ReliaQuest’s new threat intelligence report titled “Ransomware and Cyber Extortion in Q3 2025,” LockBit has formed a coalition with prominent ransomware groups DragonForce and Qilin.

The partnership, which is poised to drive more frequent and effective ransomware attacks, was announced by DragonForce on its leak site. The gangs further invited other partners to join should they “care about the future of our challenging field.”

LockBit, one of the most prominent ransomware-as-a-service (RaaS) operations, was taken down last year after an international police operation.

The coordinated action included infrastructure seizure, sanctions, a name-and-shame campaign where LockBit's data leak site was repurposed and its leader unmasked, and multiple arrests.

However, the gang recently launched its LockBit 5.0 affiliate service and allegedly intends to begin targeting critical infrastructure entities. With the help of Qilin, the group behind the recent attack on Asahi, and DragonForce, a relative newcomer, the danger is even bigger.

“This alliance could help restore LockBit’s reputation among affiliates following last year’s takedown, potentially triggering a surge in attacks on critical infrastructure and expanding the threat to sectors previously considered low risk,” said ReliaQuest.

According to ReliaQuest researchers, similar partnerships have proven transformative in the past.

For instance, when LockBit joined forces with the Maze ransomware group in 2020, that collaboration introduced double extortion tactics, combining system encryption with data theft to heighten pressure on victims, and used Maze’s data-leak site to amplify impact.

Experts from Optiv’s Global Threat Intelligence Center agree. They told Cybernews: “It is possible that a coalition between LockBit, Qilin, and DragonForce could lead to improved tactics and an increased volume of attacks through shared resources.”

Besides, when the US imposed sanctions on LockBit and its senior leader, Russian national Dmitry Khoroshev, it made it illegal for US entities to pay ransoms to the group.

A new partnership with Qilin and DragonForce could allow LockBit to continue earning money from hacking operations.

