Keypoints
- DragonForce has been linked to high-profile retail breaches in the UK, including Marks & Spencer and Co-op.
- The group uses a white-label RaaS model to allow affiliates to deploy rebranded ransomware encryptors.
- The attack on the MSP exploited known vulnerabilities in the SimpleHelp platform to access customer systems.
- Threat actors performed reconnaissance before stealing data and deploying ransomware, with some attacks blocked by endpoint protection.
- The targeting of MSPs facilitates widespread ransomware infections across multiple organizations.