View All R&D Articles

DragonForce Ransomware Group Posts Audio of Conversations with Victims

April 14, 2024

In an apparent attempt to compel their victim to pay up, the ransomware gang DragonForce has published a recording of a phone call with one of its victims’ employees.

The recording was published on DragonForce’s dark web page. For ethical reasons, is not publicizing the name of the apparent victim, and we are not republishing the call.

TechCrunch reports the details of the call, with names omitted. It reads as a “hilarious and failed attempt” to intimidate the victim — or a business’s failure to educate its employees, depending on your perspective. 

In the recording, the caller asks to speak with management, but stays on hold until a woman named Beth answers. Beth says that she’s unfamiliar with the purported data breach.

“Now, why would you hack us?” she says. “Is there a reason why you chose us?”

The hacker doesn’t respond to her question, but reiterates that the company has eight hours to negotiate a ransom payment. Beth chides the hacker, noting that phone recordings are illegal in the company’s home state.

““Ma’am, I am a hacker,” the attacker explains. “I don’t care about the law.”

DragonForce has quickly built its reputation with a string of high-profile attacks. 

The gang successfully attacked the Ohio Lottery in December 2023, forcing the  organization to suspend its games and compromising the personal information of millions of players. The stolen data reportedly included social security numbers and dates of birth. 

And in April 2024, the DragonForce group allegedly stole more than 21 gigabytes of data from the government of Palau, an island country in Micronesia. Palau has denied that the stolen data contains sensitive information.

Related: Should You Pay For Ransomware? Never — Here’s Why.

Why are cybercriminals “calling the front desks” of victims?

Ransomware is extortion, plain and simple. Embarrassing a business might compel them to negotiate — victims simply want to end the public relations nightmare of a high-profile ransomware infection as soon as possible. 

But it’s worth noting that ransomware payments are, in many cases, illegal. The U.S. Office of Foreign Assets Control (OFAC) notes that many ransomware gangs are based in sanctioned countries like Russia, Iran, and North Korea; payments to these organizations may violate the law, resulting in fines.

When ransoms are paid, those payments must be reported to relevant authorities. However, it’s generally a bad idea to negotiate with criminals; a significant portion of businesses that pay for ransomware do not restore access to their data. 

Related: Ransomware Attack Data Recovery: 4 Factors to Consider

Build a proactive ransomware strategy.

At, we’ve developed methods for addressing many ransomware infections remotely or onsite. If you’ve encountered data loss due to malware, we recommend disconnecting the infected system and contacting a professional ransomware recovery provider as soon as possible. 

Of course, the best practice is to make a disaster recovery strategy before cybercriminals call your front desk. Penetration (PEN) testing and backup analysis can help you identify potential vectors of attack and ensure the stability of key systems — and a professional data partner can help you get started. 

Call 1-800-237-4200 or submit a case online to speak with a ransomware recovery expert.