Here's what we know about the DragonForce ransomware that hit Marks & Spencer

DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists.

The gang started operations in August 2023 but its ransomware didn't gain much traction until the following year, when DragonForce operators began advertising for affiliates on dark web forums. The gang has since claimed many victims and drawn the attention of the FBI, which found it was one of 2024’s most prolific ransomware sources.

As of this month, DragonForce has listed 158 victims, and in March the crew rebranded itself as a "cartel" that enables affiliates to create their own brands.

The resulting service allows other crooks to use DragonForce’s infrastructure and tools to deploy any ransomware – not just the gang’s own evil code.

"This is about DragonForce trying to attract as many affiliates as it can to its ...