Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label DragonForce Ransomware Group. Show all posts
ScatteredSpider
Co-op customer data compromise Cyber Attacks cyber intrusion data security DragonForce DragonForce Ransomware Group Malware. Scattered Spider Marks & Spencer ransomware attacks Ransomwares ScatteredSpider

Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption

 

Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than initially acknowledged. M&S CEO Stuart Machin recently confirmed that personal customer data had been accessed, prompting the company to require password resets for online accounts. Online orders on the M&S website remain suspended weeks after the breach, and no clear timeline has been offered for full recovery. 

The attack first became public on April 25 when M&S halted its online operations due to a cyber intrusion. Within days, Co-op revealed it had also been targeted in an attempted hack, which disrupted several services. Harrods, another luxury retailer, was also reportedly affected during this wave of cyberattacks. While M&S is still unable to process online sales, Co-op has only just resumed stocking its shelves, and both companies remain silent about when operations might return to normal. Government officials have weighed in on the seriousness of the incident. 

Cabinet Office Minister Pat McFadden called the attack a “wake-up call” for British businesses, highlighting the urgent need for enhanced cybersecurity protocols. Financial losses have been steep. M&S is reportedly losing £3.5 million per day while its website remains offline, and its stock has dropped by an estimated half a billion pounds in market value. Co-op also disclosed that customer data had been compromised, and they experienced issues with card payments at the height of the disruption. 

Investigations suggest the cybercriminal group known as Scattered Spider is responsible. Known for targeting large enterprises, the group is believed to have used a ransomware strain called DragonForce to paralyze systems. According to cybersecurity experts, the attackers may have exploited unpatched vulnerabilities and misconfigured systems to gain entry. Reports indicate they employed SIM-swapping tactics to hijack phone numbers and impersonate employees, fooling IT help desks into granting system access. Once inside, the hackers are believed to have compromised Microsoft Active Directory—a central hub that connects internal networks—potentially gaining access to crucial files and passwords. 

Though it’s unlikely they decrypted these password files directly, the level of access would have allowed them to severely disrupt internal systems. Experts say this level of infiltration can cripple multiple areas of a business, making recovery extremely challenging without a full rebuild of core IT infrastructure. One reason for the prolonged disruption may be that both M&S and Co-op chose not to pay the ransom, in line with UK government advice. While this decision aligns with best practices to avoid funding cybercrime, it also means recovery will take significantly longer. 

Despite the chaos, M&S has emphasized that no payment information or account passwords were compromised. The company is urging customers to reset their passwords for peace of mind and has provided guidelines on staying safe online. Co-op has resumed deliveries to most of its stores but acknowledged that some shelves may still lack regular stock. Empty shelves and apology signs have appeared across affected stores, as customers share their frustrations online. 

This incident underscores the growing threat posed by sophisticated cybercriminals and the urgent need for companies to prioritize cybersecurity. From exploiting human error to using advanced ransomware tools, the tactics are evolving, and so must the defenses.
Read more »
trending news
DragonForce Ransomware Group malware News Ransomware trending news

DragonForce Unveils Cartel-Style Ransomware Model to Attract Affiliates

The ransomware landscape is seeing a shift as DragonForce, a known threat actor, introduces a new business model designed to bring various ransomware groups under a single, cartel-like umbrella. This initiative is aimed at simplifying operations for affiliates while expanding DragonForce’s reach in the cybercrime ecosystem. 

Traditionally, ransomware-as-a-service (RaaS) operations involve developers supplying the malicious tools and infrastructure, while affiliates carry out attacks and manage ransom negotiations. In exchange, developers typically receive up to 30% of the ransom collected. DragonForce’s updated model deviates from this approach by functioning more like a platform-as-a-service, offering its tools and infrastructure for a smaller cut—just 20%. 

Under this new setup, affiliates are allowed to create and operate under their own ransomware brand, all while utilizing DragonForce’s backend systems. These include data storage for exfiltrated files, tools for ransom negotiations, and malware deployment systems. This white-label model allows groups to appear as independent operations while relying on DragonForce’s infrastructure. 

A spokesperson for DragonForce told BleepingComputer that the group operates with clear rules and standards, which all affiliates are expected to follow. Any violations, they say, result in immediate removal from the network. Though these rules aren’t publicly disclosed, the group claims to maintain control since all services run on its servers. 

Interestingly, DragonForce claims it avoids certain targets in the healthcare sector, specifically facilities treating cancer and heart conditions. The group insists its motives are purely financial and not intended to harm vulnerable individuals. Cybersecurity analysts at Secureworks have noted that this new structure could appeal to both inexperienced and seasoned attackers. 

The simplified access to powerful ransomware tools, without the burden of managing infrastructure, lowers the barrier to entry and could lead to a broader adoption among cybercriminals. DragonForce has indicated its platform is open to unlimited affiliate brands capable of targeting a range of systems, including ESXi, NAS, BSD, and Windows environments. 

While the number of affiliates joining the network remains undisclosed, the group claims to have received interest from several prominent ransomware outfits. One such group, RansomBay, is already reported to be participating in the model. As this cartel-style operation gains traction, it could signal a new phase in ransomware operations—where brand diversity masks a centralised, shared infrastructure designed for profit and scalability.
Read more »
Ransomware group
Cyber Attacks DragonForce DragonForce Ransomware Group Ohio Lottery Ransomware attack Ransomware group

DragonForce Ransomware Gang Prompts Ohio Lottery to Shut Down


On 25 December 2023, the Ohio Lottery faced a major cyberattack, as a result, they had to shut down some crucial systems related to the undisclosed internal application. 

The threat actors behind the breach are the DragonForce ransomware group. 

While the investigation in regards to the breach is ongoing, the company confirms to its customers that its gaming systems are fully functional. The gaming system is still operational, although some services have suffered. At Super Retailers, prize cashing above $599 and mobile cashing are temporarily unavailable. 

The winning numbers for the KENO, Lucky One, and EZPLAY Progressive Jackpots can be found at any Ohio Lottery Retailer; they are unavailable on the internet or mobile app.

In its press release, the lottery states: "On December 24, 2023, the Ohio Lottery experienced a cybersecurity incident impacting some of its internal applications and immediately began work to mitigate the issue. The state's internal investigation is ongoing. We apologize for the inconvenience and are working as quickly as possible to restore all services."

What must the Customers do?

The company has requested customers to check the Ohio Lottery website and mobile app for winning numbers at this time.  WKYC informs that prizes up to $599 can be claimed at any Ohio Lottery Retailer, while prizes over $600 need to be sent by mail to the Ohio Lottery Central Office or using the online claim form. 

Ransomware Gang Claims Responsibility

While Ohio Lottery did not confirm who was behind the cyberattack, a ransomware group called DragonForce claimed responsibility. 

According to a report by BleepingComputer, the threat group claims that they have encrypted devices and accessed sensitive data like Social Security Numbers and the date of birth of affected customers. 

According to the DragonForce gang, over 3,000,000 lottery customers' names, addresses, emails, winning amounts, Social Security numbers, and dates of birth are among the data that have been hacked. The weight of the released data—more than 600 gigabytes—raises questions regarding the scope of the hack. 

DragonForce: A New Competitor in the Ransomware Arena

Despite being a relatively young ransomware gang, the DragonForce gang's methods and data leak website suggest a rather experienced extortion organization. As law enforcement steps up their efforts to combat ransomware activities, new organizations like DragonForce are coming into action, which raises the issue of rebranding within the threat landscape. 

In a similar case, the official Facebook page of the Philippines lottery system was recently hacked by anonymous hackers. The witnesses reported that threat actors were apparently spamming the website page with nude photos. This prompted the Philippine Charity Sweepstakes Office (PSCO) to shut down the page for the time being, during which the Cybercrime Investigation and Coordinating Center (CICC) will conduct its investigation.   

Read more »
Subscribe to: Posts (Atom)