Intel Name: Dragonforce ransomware gang | from hacktivists to high street extortionists
Date of Scan: May 12, 2025
Impact: High
Summary: The DragonForce ransomware group has shifted its focus from politically motivated attacks to high-profile financial extortion campaigns, recently targeting UK retailers like Harrods, Marks and Spencer, and the Co-Op, causing significant disruptions to critical operations like payment systems and inventory management. This marks an evolution from their previous high-profile targets, including government institutions, commercial enterprises, and organizations in countries like Israel, India, and Saudi Arabia. Known for heavily targeting law firms and medical practices, DragonForce’s tactics have become more financially driven, with a broad range of victims spanning multiple sectors and geographies. This post explores the group’s evolution, attack methods, and the rising threat they pose to both retail and critical infrastructure.
The term “Scattered Spider” refers to the hacking group suspected of carrying out the April 2025 cyberattack on Marks & Spencer (M&S). The group is associated with deploying DragonForce ransomware, which encrypted M&S systems and led to major disruptions across both online and physical store operations.
