TechDogs-"Turf Wars, Outages, Exploits—Ransomware Hits Enterprises, Gamers And Agencies"

Cyber Security

Turf Wars, Outages, Exploits—Ransomware Hits Enterprises, Gamers And Agencies

By Nikhil Khedlekar

Updated on Tue, Jul 8, 2025

Overall Rating
Ever felt the ripple effect of a cyberattack happening halfway across the world?

For those of you who haven’t, we’re here to tell you that it’s much more common than you think. Just a few years ago, news about cybercrime felt like something that was happening to corporations far away from our daily lives.

Today, it’s practically knocking on everyone’s door—from your favorite retailer to your work devices and even your Friday night gaming sessions.

This past week, it wasn’t just hackers versus companies—it was hackers versus hackers, too. Amid global threats and federal agencies scrambling to patch flaws and gamers getting booted off mid-match by remote hijackers, it was a hectic week for cybersecurity professionals.

So, let’s dive in and explore what has happened across the growing digital battlefield!
 

Ransomware Turf War Between DragonForce And RansomHub Heats Up


Cybercrime groups DragonForce and RansomHub are clashing in what experts describe as a “turf war” within the ransomware-as-a-service (RaaS) ecosystem.

DragonForce, linked to recent cyber-attacks on UK retailers such as Marks & Spencer, Harrods, and Co‑Op, rebranded itself as a “cartel” in March 2025 to attract more affiliates—a move that sparked intense rivalry with RansomHub.

Around the same time, RansomHub’s leak site was mysteriously taken offline, marked “R.I.P 3/3/25”—a move attributed to DragonForce by cybersecurity firm Sophos.

In retaliation, a RansomHub affiliate defaced DragonForce’s website, labelling them “traitors” and accusing them of betrayal.

The groups now appear to be fighting over the same victims, increasing the risk of double extortion, where companies may be targeted twice for ransom.

“There’s no honor among thieves,” said Toby Lewis, Global Head of Threat Analysis at Darktrace. “Most cybercrime groups have an ingrained need for kudos and one-upmanship that could lead them to attack and extort the same target.”

Genevieve Stark from Google Threat Intelligence warned, “Instability within the extortion ecosystem can have serious implications for ransomware and data theft extortion victims.”

DragonForce has claimed responsibility for 82 victims in under a year, while RansomHub lists nearly 500 breaches in 2024 alone, showing the massive scale of its operations.

“Cybercriminals are a ruthless bunch, and a betrayal between partners can result in a situation where the victim gets extorted twice,” added Rafe Pilling, Director of Threat Intelligence at Sophos.

With global cybercrime damages expected to reach $10 trillion by 2025, businesses must brace for volatile, unpredictable threats in this lawless digital arena, especially when two major ransomware groups kick off a turf war.

However, another high-profile example of disruption caused by ransomware unfolded a days ago at one of the world’s largest IT distributors.
 

Ingram Micro Suffers Major Outage Following Ransomware Attack


TechDogs-"Ingram Micro Headquarters Signboard Surrounded By Trees"
Ingram Micro, one of the world’s top IT distributors, confirmed a ransomware attack just ahead of the July 4 weekend, disrupting order processing and service platforms globally.

The attack was first suspected when web portals went dark on July 3, leaving partners and MSP customers unable to place or manage orders.

On July 6, Ingram Micro acknowledged the attack, stating it had “identified ransomware on certain internal systems” and was taking affected systems offline proactively.

The statement emphasized, “Ingram Micro recently identified ransomware on certain of its internal systems,” while noting that it had “implemented mitigation measures and launched an investigation with cybersecurity experts.”

The emerging gang “SafePay” is suspected to be behind the attack, although the group has not yet claimed public responsibility on its leak site.

Managed Service Providers (MSPs) fear that the attackers may attempt to leverage third-party access to infiltrate broader networks, leading to some revoking vendor access to prevent lateral movement.

Ingram Micro filed an 8-K form with the SEC and is working with law enforcement and cybersecurity experts to investigate and restore its services. As of now, the company’s U.S. site is partially restored, but regional and Xvantage platforms remain offline.

While companies are reeling from direct ransomware hits, federal agencies are racing to close critical gaps being exploited by attackers.
 

CISA Flags Four New Actively Exploited Vulnerabilities


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploitation.

The vulnerabilities include:
 
  • CVE-2014-3931 – A buffer overflow flaw in Multi-Router Looking Glass.

  • CVE-2016-10033 – A PHPMailer vulnerability enabling command injection.

  • CVE-2019-5418 – A Ruby on Rails path traversal vulnerability.

  • CVE-2019-9621 – An SSRF vulnerability in Zimbra Collaboration Suite.


The Zimbra flaw has been actively exploited by China-linked threat actor Earth Lusca to deploy backdoors such as web shells and Cobalt Strike. While public exploit reports for the other three are limited, their CVSS scores (two rated 9.8) indicate critical severity.

TechDogs-"Citrix Bleed 2 Exploit Code Showing Memory Leak From Authentication Endpoint"
Federal agencies have been instructed to patch these flaws by July 28, 2025, to maintain network integrity. Plus, security researchers warned that these vulnerabilities could allow remote code execution, data exposure, or denial-of-service scenarios if left unpatched.

Well, if you think these threats are limited to enterprises or government networks, think again—gamers just got an unwanted front-row experience in digital vulnerabilities.
 

Call of Duty WWII PC Taken Offline Amid RCE Exploit


Call of Duty: WWII, a popular first-person shooter game, was pulled from PC platforms on July 5 after multiple users reported remote code execution (RCE) attacks during multiplayer gameplay.

Online videos show the game freezing mid-match, while Windows commands are executed automatically in the background—some even altering system visuals or forcibly shutting down computers, although the console version of the game remains unaffected.

TechDogs-"Call of Duty WWII Gameplay Interrupted By Hacker Command Message On Screen"
Though details are sparse, the RCE attack appears to be linked to the game’s peer-to-peer architecture, making host players vulnerable to being exploited.

With the issue beginning shortly after the title was added to Microsoft Game Pass, it has raised alarms within the gaming community. While the developers have yet to confirm technical details, the Call of Duty updates account said the game was removed “while we investigate reports of an issue.”

Do you think rising tensions among ransomware gangs, overlooked cyber risks, and a growing list of vulnerabilities signal a shift in how cyberattacks will unfold in 2025?

Let us know in the comments below!

First published on Tue, Jul 8, 2025

Liked what you read? That’s only the tip of the tech iceberg!

Explore our vast collection of tech articles including introductory guides, product reviews, trends and more, stay up to date with the latest news, relish thought-provoking interviews and the hottest AI blogs, and tickle your funny bone with hilarious tech memes!

Plus, get access to branded insights from industry-leading global brands through informative white papers, engaging case studies, in-depth reports, enlightening videos and exciting events and webinars.

Dive into TechDogs' treasure trove today and Know Your World of technology like never before!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.

Loading comments...

  • Dark
  • Light