DragonForce Ransomware Gang Allegedly Steals 97 GB of Data from German Insurer HanseMerkur
The Russia-linked ransomware group DragonForce has claimed responsibility for stealing nearly 97 GB of sensitive corporate data from HanseMerkur, a major German insurance provider. The leaked files, published by the gang, include financial documents such as invoices, tax records, and vouchers, as well as materials referencing Emirates Insurance, HanseMerkur’s partner in the United Arab Emirates.
HanseMerkur has not yet confirmed the breach or responded to DragonForce’s claims. The attack aligns with the group’s recent surge in activity, which saw it compromise 185 organizations in 2023, according to Cybernews’ Ransomlooker tool. DragonForce operates as a ransomware-as-a-service (RaaS) provider, recently forming partnerships with the Qilin and LockBit gangs.
Last year, the group targeted high-profile victims, including Mobilelink US (a leading Cricket Wireless dealer), U.S. department store chain Belk, and UK retailers Marks & Spencer and Co-op. Despite past reports from Group-IB indicating that DragonForce avoided attacking critical infrastructure, hospitals, NGOs, and Commonwealth of Independent States (CIS) nations, its recent operations suggest an expanding threat landscape.
Source: https://www.scworld.com/brief/dragonforce-purports-breach-of-leading-german-insurer
HanseMerkur cybersecurity rating report: https://www.rankiteo.com/company/hansemerkur
Emirates Insurance Company cybersecurity rating report: https://www.rankiteo.com/company/emirates-insurance-company
"id": "HANEMI1775324375",
"linkid": "hansemerkur, emirates-insurance-company",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Insurance',
'location': 'Germany',
'name': 'HanseMerkur',
'type': 'Insurance Provider'}],
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'Sensitive corporate data',
'type_of_data_compromised': ['Financial documents',
'Invoices',
'Tax records',
'Vouchers']},
'description': 'The Russia-linked ransomware group DragonForce has claimed '
'responsibility for stealing nearly 97 GB of sensitive '
'corporate data from HanseMerkur, a major German insurance '
'provider. The leaked files include financial documents such '
'as invoices, tax records, and vouchers, as well as materials '
'referencing Emirates Insurance, HanseMerkur’s partner in the '
'United Arab Emirates.',
'impact': {'data_compromised': '97 GB of sensitive corporate data'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'DragonForce'},
'references': [{'source': 'Cybernews'}, {'source': 'Group-IB'}],
'threat_actor': 'DragonForce',
'title': 'DragonForce Ransomware Gang Allegedly Steals 97 GB of Data from '
'German Insurer HanseMerkur',
'type': 'Ransomware'}