The PolySwarm Blog

Verticals Targeted: Legal Services, Law Firms
Regions Targeted: US, Europe, Israel
Related Threat Actors and Malware: UNC3753, Akira, Qilin, DragonForce, INC, The Gentlemen

Executive Summary

Legal services organizations continue to face elevated cyber risk due to the vast quantities of confidential information they maintain on behalf of clients. Law firms, legal consultancies, title services, and compliance organizations routinely store merger and acquisition plans, litigation records, intellectual property, financial disclosures, personally identifiable information (PII), and privileged communications. Recent activity attributed to UNC3753 highlights a growing trend in which threat actors increasingly prioritize data theft and extortion over traditional ransomware deployment. As cybercriminal groups continue targeting the legal sector for its uniquely valuable information assets, organizations must strengthen both technical and operational defenses to protect client confidentiality, business continuity, and professional reputation.

Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial 

Executive Summary

Recent industry reporting highlights the ransomware threats faced by various entities in the Middle East. DragonForce ransomware was recently observed targeting a real estate and construction company in Saudi Arabia. However, this is only the tip of the iceberg, as entities in the Middle East, particularly financial services entities in Saudi Arabia and the UAE, are also being heavily targeted by ransomware.

Related Families: LockBit 3.0, Conti
Verticals Targeted: Business Services, Construction, Retail, Telecommunications, Manufacturing, Mining, Government, Healthcare, Transportation, Energy, Software, Education 

Executive Summary

DragonForce is a ransomware as a service (RaaS) that has significantly evolved in the past year, making it a formidable threat.