DragonForce and Pear Ransomware Groups Claim New Victims in South Africa and US Healthcare Sector Dark Web recent claims + Video

Listen to this Post

Featured ImageIntroduction: A New Wave of Ransomware Claims Raises Global Cybersecurity Concerns

Ransomware groups continue to expand their operations across industries and borders, targeting organizations that hold valuable business, financial, and personal data. Recent threat intelligence monitoring has highlighted new alleged victims connected to two active ransomware operations: DragonForce and Pear ransomware.

According to threat intelligence activity tracked by ThreatMon, the DragonForce ransomware group allegedly added Isegen South Africa (Pty) Ltd, a South African chemical manufacturing company, to its victim list. Separately, the Pear ransomware group reportedly claimed responsibility for compromising South Plains Rural Health Services, Inc., a healthcare organization in the United States.

At this stage, these incidents remain ransomware group claims based on dark web monitoring activity. No independent confirmation has been publicly provided by the affected organizations. However, the appearance of these names on ransomware leak platforms highlights the continued threat posed by cybercriminal groups targeting organizations of all sizes.

DragonForce Ransomware Claims Isegen South Africa as Latest Victim

Dark Web Monitoring Detects New DragonForce Listing

Threat intelligence researchers monitoring ransomware activity reported that the DragonForce ransomware operation allegedly listed Isegen South Africa (Pty) Ltd as a new victim on July 15, 2026.

The listing was detected through dark web ransomware monitoring channels and shared by ThreatMon, a cybersecurity intelligence platform that tracks indicators of compromise, ransomware activity, and threat actor behavior.

At the time of reporting, there was no public statement from Isegen South Africa confirming whether a cyberattack occurred, what systems may have been affected, or whether any data was stolen.

Who Is Isegen South Africa and Why Could It Be Targeted?

Industrial Companies Remain Attractive Ransomware Targets

Isegen South Africa operates within the chemical manufacturing sector, an industry that has become increasingly attractive to cybercriminal groups due to its operational importance and sensitive business information.

Manufacturing organizations often maintain valuable data, including:

Production processes

Supplier information

Financial documents

Customer records

Research and development data

Internal corporate communications

A successful ransomware attack against an industrial company can create significant disruption, especially if attackers gain access to operational networks or sensitive intellectual property.

Pear Ransomware Claims Attack Against South Plains Rural Health Services

Healthcare Sector Faces Continued Cyber Pressure

Another ransomware-related claim emerged from the Pear ransomware group, which allegedly added South Plains Rural Health Services, Inc. to its victim list.

The organization provides healthcare services, making it part of one of the most frequently targeted industries worldwide.

Healthcare providers are particularly attractive to ransomware operators because they manage large volumes of sensitive information, including:

Patient records

Medical histories

Insurance details

Billing information

Employee data

Cybercriminals often believe healthcare organizations face greater pressure to restore operations quickly because disruptions can directly impact patient care.

Why Healthcare Organizations Remain Prime Ransomware Targets

Sensitive Data Creates High Extortion Value

Healthcare data has long been considered valuable on underground markets because medical records contain information that can be exploited for identity theft, fraud, and additional attacks.

Modern ransomware groups increasingly use a double-extortion strategy:

Encrypting internal systems to disrupt operations.

Threatening to publish stolen information if a ransom is not paid.

This approach allows attackers to pressure victims even when organizations have reliable backups.

DragonForce Ransomware: Growing Reputation Among Cybercriminal Groups

A Ransomware Operation Expanding Its Reach

DragonForce has become one of the ransomware names frequently observed in threat intelligence monitoring. Like many modern ransomware operations, the group appears focused on maximizing financial pressure by targeting organizations across multiple industries.

The group’s activities reflect a broader trend where ransomware operators no longer focus only on large corporations. Smaller businesses, healthcare providers, manufacturers, and regional organizations have increasingly become targets.

Pear Ransomware Activity Shows Continued Evolution of Threat Landscape

Newer Groups Continue Entering the Ransomware Ecosystem

The Pear ransomware name has recently appeared in ransomware monitoring reports, demonstrating how the cybercrime ecosystem continues to evolve.

New ransomware brands often emerge as criminal groups reorganize, launch new operations, or attempt to avoid attention associated with older ransomware identities.

The appearance of new ransomware names does not necessarily mean a completely new group has formed. In some cases, ransomware operations may involve affiliates, rebranding efforts, or leaked ransomware infrastructure.

Dark Web Ransomware Claims Require Careful Verification

Listings Do Not Automatically Confirm Successful Breaches

A ransomware group adding an organization to a leak site does not always prove that a successful compromise occurred.

Threat actors sometimes publish false claims to increase their reputation, attract affiliates, or pressure organizations into negotiations.

Security researchers typically look for additional evidence, such as:

Published stolen files

Company disclosures

Regulatory filings

Incident response reports

Technical indicators connected to the attack

Until such evidence becomes available, these incidents should be treated as unverified ransomware claims.

Deep Analysis: Understanding the Bigger Cybersecurity Picture

Ransomware Groups Are Increasingly Industrialized

The modern ransomware ecosystem operates more like a criminal business network than isolated hacking activity. Many groups use affiliates, dedicated negotiation teams, leak websites, and specialized malware developers.

This professionalization allows attackers to scale operations and target organizations worldwide.

Double Extortion Has Become the Default Strategy

Traditional ransomware focused mainly on encrypting files. Today, attackers frequently steal data before encryption.

This creates additional pressure because victims must consider not only downtime but also privacy violations, legal consequences, and reputational damage.

Critical Industries Face Higher Risks

Manufacturing and healthcare remain among the most targeted sectors because disruptions create immediate consequences.

A factory shutdown can interrupt supply chains, while healthcare downtime can affect medical services.

Attackers understand this pressure and often choose victims where urgency increases the likelihood of ransom negotiations.

Organizations Must Assume Breach Attempts Are Inevitable

Cybersecurity experts increasingly recommend moving away from prevention-only strategies.

Even strong security systems can fail against phishing attacks, stolen credentials, insider threats, or previously unknown vulnerabilities.

Organizations should focus on:

Rapid detection

Network segmentation

Strong authentication

Offline backups

Employee awareness training

Incident response preparation

Ransomware Intelligence Helps Reduce Future Damage

Threat intelligence platforms play an important role by monitoring underground activity and identifying early warnings.

When organizations know which ransomware groups are active and which industries are being targeted, they can improve defensive strategies before an attack happens.

The DragonForce and Pear Claims Highlight Persistent Threat Growth

The latest ransomware claims demonstrate that cybercriminal operations remain highly active in 2026.

Although both incidents require further verification, they represent a continuing pattern of attackers searching for vulnerable organizations across different regions and industries.

The Healthcare Sector Needs Stronger Cyber Defenses

Healthcare providers often face cybersecurity challenges due to limited resources, outdated systems, and complex technology environments.

Improving security requires investment in both technical protection and organizational readiness.

Manufacturing Companies Must Protect Operational Networks

Industrial organizations should prioritize separating business networks from operational technology environments.

A ransomware infection spreading into industrial systems could cause severe operational disruption.

Ransomware Will Continue Adapting

Cybercriminal groups constantly change tactics to avoid detection.

Future ransomware campaigns are expected to involve more automation, artificial intelligence assistance, and targeted attacks against specific industries.

What Undercode Say:

Ransomware Claims Show Criminal Groups Are Expanding Their Reach

The DragonForce and Pear ransomware claims represent another example of how ransomware groups continue searching for new opportunities worldwide. Attackers are no longer limiting themselves to technology companies or large enterprises. Every organization with valuable data can become a potential target.

Dark Web Listings Are Both Intelligence Sources and Psychological Weapons

Leak site announcements serve two purposes. They advertise criminal activity while also creating pressure on victims. Even before stolen data is published, organizations may face reputational concerns and operational uncertainty.

Healthcare Remains One of the Most Dangerous Target Categories

The alleged Pear ransomware attack against South Plains Rural Health Services reflects a long-standing pattern. Healthcare providers remain attractive because their data is extremely sensitive and operational interruptions can have serious consequences.

Industrial Organizations Need Strong Security Foundations

The alleged DragonForce targeting of Isegen South Africa highlights risks facing manufacturing companies. Industrial environments often contain valuable intellectual property and operational systems that attackers may attempt to exploit.

Verification Remains Essential in Cyber Reporting

Not every ransomware claim becomes a confirmed breach. Security researchers, journalists, and organizations must separate allegations from verified incidents to avoid spreading inaccurate information.

The Future Ransomware Battlefield Will Focus on Data Control

Attackers increasingly understand that controlling information can be more valuable than simply encrypting systems. Data theft, extortion, and reputation attacks are becoming central parts of ransomware operations.

Organizations Should Prepare Before They Become Victims

The strongest defense is preparation. Companies should maintain tested backups, strong identity controls, continuous monitoring, and clear incident response plans.

✅ ThreatMon reportedly detected ransomware activity involving DragonForce and Pear listings.
The information comes from threat intelligence monitoring activity, but the victim organizations have not publicly confirmed the incidents.

❌ No confirmed evidence currently proves that both organizations suffered successful ransomware attacks.
Dark web ransomware claims can sometimes be exaggerated or false.

✅ Healthcare and manufacturing remain among the most targeted ransomware sectors globally.
Both industries contain valuable information and operational systems that attackers frequently attempt to exploit.

Prediction

(+1) Ransomware monitoring platforms will likely detect more DragonForce and Pear-related activity as these groups continue attempting to expand their visibility and attract attention from potential victims.

(+1) Organizations investing in threat intelligence, identity protection, and incident response preparation will reduce the impact of future ransomware attempts.

(-1) Ransomware attacks against healthcare providers and industrial companies are expected to continue increasing because attackers recognize the high pressure these organizations face during disruptions.

(-1) False ransomware claims may also rise as criminal groups attempt to build reputation and intimidate organizations without always possessing stolen data.

Final Outlook

The alleged DragonForce and Pear ransomware listings demonstrate that the global ransomware ecosystem remains highly active. While these incidents require further confirmation, they reinforce a critical cybersecurity lesson: organizations must assume they are potential targets and continuously improve their defenses against evolving digital extortion campaigns.

▶️ Related Video (70% Match):

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: x.com
Extra Source Hub (Possible Sources for article):
https://www.quora.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube