Threat Research

In early 2025, researchers identified a surge of ransomware attacks abusing the SimpleHelp Remote Monitoring and Management (RMM) platform, widely used by MSPs and software vendors. Threat groups such as Medusa and DragonForce exploited three vulnerabilities — CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 — to infiltrate downstream customer networks....

The DragonForce ransomware group has shifted its focus from politically motivated attacks to high-profile financial extortion campaigns, recently targeting UK retailers like Harrods, Marks and Spencer, and the Co-Op, causing significant disruptions to critical operations like payment systems and inventory management....

DragonForce ransomware is a malicious program that encrypts files on compromised systems and demands a cryptocurrency ransom, typically in Bitcoin, for decryption. It spreads through phishing emails, malicious websites, and system vulnerabilities. While it shares similarities with other ransomware variants, DragonForce exhibits distinct features and behaviors....

"DragonForce Ransomware Group is Targeting Saudi Arabia" highlights a recent ransomware attack by DragonForce, which targeted organizations in the Kingdom of Saudi Arabia (KSA). A major incident involved a data breach at a prominent Riyadh real estate and construction company....