DragonForce Ransomware Cartel Targets Major UK Retailers

Ransomware-as-a-Service (RaaS) has become a dominant cybercrime business model, enabling ransomware operators to lease their malware to affiliates, who then carry out attacks, often with help from Initial Access Brokers (IABs) that specialize in breaching networks and selling access. This model has fueled the rapid growth and sophistication of ransomware attacks globally, as different criminal actors take on specialized roles such as malware development, access brokering, and attack execution. DragonForce has recently emerged as a significant RaaS player, targeting high-profile UK retailers and offering customizable ransomware kits and leak sites while attracting affiliates with a competitive revenue share and a focus on anonymity and flexibility. The collapse of legacy RaaS platforms like RansomHub has further boosted groups like DragonForce, leading to a spike in ransomware incidents, with the consumer goods and services sector being particularly hard hit. Experts recommend that organizations defend against such threats by improving employee training, strengthening authentication, and maintaining comprehensive visibility across their IT networks. The evolving RaaS ecosystem highlights the increasing need for cyber resilience and proactive defense strategies to mitigate the growing risk of ransomware attacks.