Well, the dragons are no longer in fairy tales or fantasy novels. They’re in your networks, disabling your antivirus and asking for Bitcoin. And no, we’re not talking about your teenage nephew playing Elden Ring. This is about DragonForce—a real ransomware threat with global ambitions and an ever-expanding damage portfolio.
The latest victims? M&S, Co-op, Harrods… and a growing list that looks more like a shopping guide than a cybersecurity report.
Who’s behind the fire-breathing mess?
The Scattered Spider gang (yes, that’s their name—sounds like a rejected metal band) is behind this high-profile ransomware blitz. They also go by Starfraud, UNC3944, Scatter Swine, and the somewhat adorable Muddled Libra.
Their attack vector of choice? A dangerous blend of phishing, SIM swapping, MFA bypass, and ransomware-as-a-service (RAAS) via the DragonForce platform.
“Cybersecurity tip: If someone sends you an email saying you’ve won a prize, the only thing you’re winning is a malware infection.”
DragonForce isn’t your average basement hacker toolkit
Let’s break down what makes this firestarter so scary:
- 🔍 Credential harvesting: Like trick-or-treating, but for passwords.
- 🚀 Privilege escalation: Suddenly, the intern has admin rights. Ruh roh.
- 🧹 Antivirus disabling: Bye-bye, protective software.
- 🔐 Data encryption: Pay up, or your files become encrypted gibberish.
- 🕵️♂️ Log deletion: It’s like the crime never happened… until it very much does.
Oh, and it’s all offered as-a-service. Because even cybercriminals love SaaS models.
“Ransomware-as-a-Service: because why build your own evil empire when you can just subscribe to one?”
From Marks & Sparks to Massive Sparks
On April 22, 2025, M&S confirmed it had been hit. The Co-op had to shut down parts of its IT. Harrods restricted internet access after a breach attempt. That’s a luxury-level ‘no thank you’ to malware.
But here’s the kicker: this isn’t a UK-only problem.
According to Killara Cyber, a leader in cyber insurance (and clearly not just there to send you invoices), 57% of DragonForce attacks in the last six months targeted the US. The rest? Spread across Canada, Germany, France, and the UK.
Sectors like construction, healthcare, and legal services are prime targets. You know, just the industries where uptime, confidentiality, and human safety really matter.
Insurance: More Than a Bandaid for Hack Wounds
Killara isn’t just talking about coverage—they’re doing prevention through their CORE platform. CORE scans hundreds of global threat indicators to give companies a predictive early warning system before the dragons knock.
Rick Welsh, Killara’s CEO, made a mic-drop comment:
“Insurance should be better at being preventative before the event than reactive after the event.”
Now that’s a refreshing take—cyber insurance not as a crutch, but a shield.
What can you do (besides panic)?
If you’re a business, this is your wake-up call to:
- Strengthen MFA (and be wary of SIM-swapping vulnerabilities)
- Train your staff to smell phishing a mile away
- Invest in cyber insurance that actually helps you before the breach
- Keep those logs clean, monitored, and protected
- Consider platforms like Killara’s CORE for proactive detection
Final Thought: Burn the myth, not your data
DragonForce isn’t slowing down. Scattered Spider isn’t scattering. And your business? It doesn’t need to be the next headline.
So, whether you’re a luxury retailer, legal firm, or a small-to-mid-sized enterprise, the age of “crossing your fingers and hoping for the best” is over. It’s time to fight fire with CORE intelligence, insurance foresight, and a very solid backup strategy.
And remember—cyber dragons don’t care about your weekend plans.