## DragonForce and Qilin Ransomware Groups Post New Victim Listings on Dark Web Leak Sites Two ransomware-as-a-service operations, DragonForce and Qilin, have published fresh victim entries on their respective dark web leak sites, according to real-time threat intelligence monitoring. DragonForce listed CF Evans Construction as a newly compromised target, while Qilin simultaneously posted Lindabury on its leak portal. The timing and simultaneous activity by two distinct ransomware groups raise concerns about coordinated pressure tactics targeting separate victims across potentially unrelated sectors. CF Evans Construction, a firm operating within the construction and engineering industry, appears on DragonForce's public shaming site, a common pattern where ransomware operators demand payment in exchange for decryptor keys and to prevent data leakage. Lindabury, whose specific sector affiliation remains unclear from available reporting, faces similar exposure on Qilin's platform. Both groups follow the now-standard double-extortion model: encrypting victim networks while exfiltrating sensitive data, then threatening publication if ransom demands go unmet. The posting of these companies suggests initial extortion demands have either been refused or negotiations have stalled. DragonForce, which has been active in the ransomware ecosystem since gaining notoriety in mid-2023, operates under an affiliate model that rents its malware infrastructure to third-party attackers. Qilin operates similarly, functioning as a RaaS (Ransomware-as-a-Service) provider. The dual postings highlight ongoing operational tempo across multiple ransomware actors, a pattern that cybersecurity analysts associate with increased pressure on organizations to pay before data is dumped. Organizations operating in construction, manufacturing, and professional services sectors remain frequent targets due to historically lower cybersecurity maturity and high-value operational data. --- - **Source**: Mastodon:mastodon.social:#infosec - **Sector**: The Vault - **Tags**: ransomware, dragonforce, qilin, double-extortion, ransomware-as-a-service - **Credibility**: unverified - **Published**: 2026-05-09 01:24:47 - **ID**: 80896 - **URL**: https://whisperx.ai/en/intel/80896