Here's what we know about the DragonForce ransomware that hit Marks & Spencer

DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists. The gang started operations in August 2023 but its ransomware didn't gain much traction until the following year, when DragonForce …

  1. Mentat74
    Unhappy

    And that's why you should NEVER pay a ransom...

    They already have your data... who's to say they'll actually delete it or give you the key to decrypt it after payment is made ?

    1. S4qFBxkFFg

      Re: And that's why you should NEVER pay a ransom...

      Not to mention you would literally be paying criminals that you know have done crime, and it's very likely they're operating in a heavily sanctioned country; it's not a risk-free choice, legally.

    2. Doctor Syntax Silver badge

      Re: And that's why you should NEVER pay a ransom...

      The best way to ensure that ransoms are not paid would be to make them illegal. It wouldn't be immediate complete prevention but would be more effective after the first prosecution of a board that did.

      Couple that with offering big rewards for information leading to the identification and capture of those responsible. There are probably a few who, in return for immunity and cash, might contrive to inveigle or otherwise exfiltrate their associates to somewhere where there's extradition.

      1. druck Silver badge

        Re: And that's why you should NEVER pay a ransom...

        Won't work, far better is to make illegal the only viable way of payment that supports the entire ransomware business model - crypto currencies.

      2. LucreLout

        Re: And that's why you should NEVER pay a ransom...

        It's a nice idea, and I think if enacted globally it may work.

        Unfortunately, next time the NHS most all or days and it health records become inaccessible, what's the plan for getting them back?

        Backups etc assume a level of competency rarely demonstrated in the public sector, and not witnessed in the private sector often enough.

        Too often what will happen under your plan is that all the ordinary workers will become suddenly unemployed because the company got closed. That's maybe ok if you're in the public sector, where recessions and job loss are just words in a dictionary, but in the real world this would be a problem. A bit longer socialism then, nice theory, nothing more.

    3. Alumoi Silver badge
      Joke

      Re: And that's why you should NEVER pay a ransom...

      So, no different from cloud vendors. Nice data you've got on MY computers. How about you pay me more if you want to access it?

    4. John_Ericsson

      Re: And that's why you should NEVER pay a ransom...

      The hacking groups cover this by explaining that future extortion attempts on other companies would not succeed if they were known for not keeping their word. The exact wording is on forums where victims have cut and pasted the text.

  2. Pascal Monett Silver badge
    FAIL

    "off limits"

    I'm sorry, you're already the bottom of the barrel. Pretending you have standards is not going to raise your status.

    1. Furious Reg reader John

      Re: "off limits"

      Not so much as having standards, more the worry that Russian Law Enforcement is more focused on the word Enforcement than the word Law when it comes to dealing with threats to Russian interests. Why put a bounty on your head by attacking Russian targets when there are so many easy targets in the west.

      1. Andy Non Silver badge

        Re: "off limits"

        Exactly, the slightest poke at the Russian bear may result in you accidentally falling out of a window.

        1. John Brown (no body) Silver badge

          Re: "off limits"

          On the other hand, whether any of the above is true or not, it's interesting that any of these "ransomware as a service" outfits who have restrictions, only ever seem to prohibit either Russia or China as targets. You NEVER see any of them warning their users against going after EU or US targets. Is that fear of reprisals or is it more of a political stance because of who might be backing, or at least encouraging them?

          1. LucreLout

            Re: "off limits"

            It's just fear.

            Imagine you had to fuck the wife of a world leader and imagine they were definitely going to catch you doing it.

            Putin and Xi would be close to last on your list because it'd be fatal. Trump would be top of mine because Melania and no real impact of him knowing, Starmer maybe as what's he really gonna do? For the most part I've no idea what the ladies in question look like and it's definitely not the primary selection criteria.

            If the consequences of being targeted are unpleasant enough and likely enough to be visited upon the transgressor, it's perfectly possible to slide through life unimpeded by crime. People don't steal mafia bosses' cars, for example.

        2. nonpc

          Re: "off limits"

          I wonder what happens if you try the Israelis?

  3. S4qFBxkFFg

    "...some ransomware variants run checks on the OS or keyboard language to ensure it is not Russian before proceeding with encryption routines."

    I wonder if it looks at the language actually selected at the time, or merely enabled in the keyboard locale switcher (or whatever Windows uses these days). Having Russian as the "main" language, while actually using your own, might be a low-cost way of making yourself less likely to be targeted.

  4. wolfetone Silver badge

    What's to learn here other than they don't target schools/hospitals and they don't do anything in Russia?

    I came here for an idea as to how M&S and the Co-Op got smacked by it. Not how people are guessing what this DragonForceBallZ are up to or operating.

    Jesus Christ the BBC have more useful information about the hacks than El Reg right now.

    1. John_Ericsson

      The reporting on this by The Register has been lacking.

      1. GNU SedGawk Bronze badge

        They managed to get in the obligatory evidence free it was the Russians line

        Ukrainians - totally not known for being utterly involved in this

        Judicial and law enforcement authorities from seven different countries have joined forces in an action against a criminal network responsible for significant ransomware attacks across the world. These attacks are believed to have affected over 1,800 victims in 71 countries. The perpetrators targeted large corporations, effectively bringing their business to a standstill and causing losses of at least several hundred millions of euros.

        A recent operation supported by Eurojust and Europol led to the arrest of the ringleader and the detention of four suspects in Ukraine. A total of 30 places were searched and over a hundred digital equipment tools were seized.

        More than 20 investigators from Norway, France, Germany and the United States were deployed to Kyiv to assist the Ukrainian authorities. This latest action follows a first round of arrests in 2021 in the framework of the same investigation.

        https://www.eurojust.europa.eu/news/ransomware-group-dismantled-ukraine-major-operation-supported-eurojust-europol

        1. GNU SedGawk Bronze badge

          Re: They managed to get in the obligatory evidence free it was the Russians line

          Here's a Ukrainian Terror attack in London - despite it literally targeting the PM, we aren't being told it's a Terrorism - because White Perpetrator so obviously "mentally ill with bright future tragically cut short, by senseless random act with no context whatsoever"

          I'd lay good money that this person has lost family forcibly conscripted in Ukraine, and is aware what has happened to his country and blames Keith's EnglishZionism desperate attempt to milk the weapons contracts for a few more mineral concessions - though isn't this all rather theoretical in that the minerals that have been promised to the septics are uneconomical available.

          https://www.politico.eu/article/ukrainian-man-charged-arson-after-fire-keir-starmers-house/

          1. GNU SedGawk Bronze badge

            Re: They managed to get in the obligatory evidence free it was the Russians line

            I'm being told that I'm a conspiracy theorist and that it's not being described as Terrorist because this chap is really a Jilted former lover of the PM who happens to know his addresses because he'd previously visited them.

            I'm genuinely unsure if I'm being trolled here, that's utterly deluded right, the PM is shagging random Ukrainians rather than the media in the UK reserves the phrase Terrorist for brown people.

            It just seems a bit tinfoil hatty and seems based entirely on this chap getting a studio photo into the papers, rather than a police photo and the interesting detail, that he speaks no English https://pbs.twimg.com/media/GrF92UWXwAAi6VU?format=jpg&name=large

      2. Anonymous Coward

        Lack of Disclosure

        Agreed… though it’s more info than has come out of Full Disclosure from M&S, Co-op and Harrods.

        My 1 single mail from Jane Wall - Operations Director at M&S told me nothing over 3 lawyer approved paragraphs and 1 mail from ‘Shrine’ - the cash overpaid Coop CEO - similar. I’m not a Harrod’s customer - lol.

        I hope at least they have been more up front with ICO

        1. wolfetone Silver badge

          Re: Lack of Disclosure

          You got an email?

          I know for certain I've bought stuff from M&S and I've received fuck all from them.

  5. Captain Badmouth
    Pint

    Steve K take a bow

    Your joke “this is not just a breach, it’s an M&S breach” has made it as a cartoon in the current issue of Private Eye.

    Albeit with “breach” replaced with “cyber attack”.

    Perhaps you should approach them for a reward for original idea?

    Have a Register cyber award ———>>>>>

  6. Captain Badmouth

    Link to Steve K comment 3 days ago:

    https://forums.theregister.com/forum/all/2025/05/13/ms_confirms_customer_data_stolen/
