
Being held to Ransom


Time was when hacking was a particularly nasty cough, or, in certain circles, something you did on horseback. How it became what we now understand it to be is, as are most such things, slightly circuitous but centres on the idea that to hack into something is to find a short-cut, hence, back in the 1950s and 60s hackers were considered clever…which, grudgingly, may still be the case.

We’ve written at some length in these blogs about the importance of firewalls, strong unique passwords and two-factor authentication. We’ve mentioned the importance of keeping your software up to date, backing up regularly and considering the use of a VPN, so one might imagine that the recent spate of high-profile hacks being inflicted on our major retailers will have been as a result of some extremely clever and fiendishly advanced computer skullduggery that has left all known experts in its wake. Such, however, appears not to be entirely the case. Reports have it that something rather more mundane was in play. It was simple trickery.

Responsible, it is thought, is a hacking collective known variably as Scattered Spider, or Octo Tempest, a largely US/UK group of 20-somethings who have hit MGM Resorts and Caesars Casino in the past. But it might not have been. Also suspected are DragonForce, originally a pro-Palestinian hacktivist group allegedly based in Malaysia and behind attacks in Honolulu and the Ohio State Lottery. Perhaps significantly, DragonForce’s operatives fairly recently claimed to have taken over RansomHub, a ransomware-as-a-service (RaaS) syndicate’s set of tools that Scattered Spider members used in the past, so this might explain the uncertainty as to who exactly was behind the attacks on Marks and Spencer, the Co-op and Harrods.

We’ve mentioned simple trickery and the truth is that no matter how secure a company’s systems may be, if you invite an unknown entity within your firewall and that unknown has malicious intent, you’ve given permission for everything that subsequently happens. DragonForce combines phishing emails carrying malicious attachments or links with probing for unpatched vulnerabilities in internet-facing services. Their combination of social engineering, software manipulation and sheer force helps them to gain the important initial foothold, after which they install a proxy tunnel back to their own servers and then map and move through their target’s systems.

These attacks against high-profile retailers have been considered newsworthy because of the disruption caused, but they are by no means unusual. In the month of April, Comparitech, the consumer awareness company, logged 479 ransomware attacks, a figure actually lower than the three previous months, with 973 in February, although only 39 of the 479 were acknowledged by the target organisation. Of the attacks in April, 24 were on government entities, 22 healthcare and 14 educational, the remainder being commercial organisations.

We’re going to be seeing a lot more hacking and ransomware demands. Earlier this year DragonForce launched RansomBay, essentially an off-the-shelf, white label package that anyone who fancies a life of crime can have access to for just 20% of the proceeds.

It’s a scary prospect. Organisations have to teach their staff to trust nothing that arrives through the internet and to use every available level of security. Nothing, nobody is sacred.
