adarma_logo_twgt-black[11615449]
adarma_logo_twgt-black[11615449]
Security Consulting
Strategy & Transformation
Security Engineering
Assessments
Threat Intelligence Exposure Management
Detection & Response
Managed SOC
Microsoft MDR Solution
Security Engineering
Incident Response
Socket Platform
About Us
We Are Adarma

Your partner for effective cyber threat management
ESG

Protecting the promise of cyber resilience
Partners

Working in partnership to make the world a safer place
Careers

Become a Cyber Defender
Contact Us

Get in touch today
Insights
Cyber Hub
Cyber Insiders
News & Blog
Incident Preparedness
SIEM Transformation
Future-Ready SOC Report
SecOps Excellence
Events
Share:
May 9, 2025

Retail Under Attack: What You Need to Know About DragonForce Ransomware

DragonForce has been named in media reports as the ransomware group linked to Scattered Spider, the threat actor allegedly behind recent cyber-attacks on UK retailers including Marks and Spencer, Harrods, and the Co-op. While attribution remains unconfirmed, DragonForce’s growing presence in the Ransomware-as-a-Service (RaaS) ecosystem has drawn increased attention from the cybersecurity community.

In this episode of Cyber Insiders, Adarma’s Threat Lead, Cian Heasley, explores what is currently known about DragonForce, how they operate, and why they’re being discussed as a rising player in the ransomware landscape.

 

What’s covered: 

  • The reported activities and capabilities of DragonForce
  • Their use of RaaS infrastructure, extortion tactics, and known tooling
  • The group’s emergence amid the decline of RansomHub and LockBit
  • How organisations can prepare for similar threats and improve resilience

 

We also touch on the confusion between DragonForce Ransomware and other groups using the same name, and what this says about the challenges of attribution and open-source intelligence.

Watch now on our YouTube channel or search Cyber Insiders on your podcast app to listen. 

 

 

Contact Us