grep -rl "DragonForce" ./posts

#DragonForce

1 match

DragonForce: Deep Reverse Engineering of the Ransomware Behind M&S and Co-op UK

Full technical analysis of DragonForce's Windows x86 encryptor: MinGW C++ with Salsa20 multi-mode encryption, BYOVD kernel driver EDR bypass (rentdrv2.sys + truesight.sys), WMI shadow copy deletion, Restart Manager file handle killing, IOCP network scanning, and COM-based scheduled task persistence.

2026-07-07 · 20 min

← back to listing