Ransomware alert infographic: RMM tools with exploit arrows to Medusa and DragonForce; protective shields for patching and monitoring, with "Secure Your Supply Chain" warning banner over a server network.

Medusa and DragonForce ransomware targeted UK organizations in 2025 by exploiting SimpleHelp RMM vulnerabilities (CVE-2024-57726, etc.) through MSPs, bypassing defenses via supply chain attacks. They gained SYSTEM-level access to deploy payloads.

Ransomware alert infographic: RMM tools with exploit arrows to Medusa and DragonForce; protective shields for patching and monitoring, with "Secure Your Supply Chain" warning banner over a server network.Ransomware alert infographic: RMM tools with exploit arrows to Medusa and DragonForce; protective shields for patching and monitoring, with "Secure Your Supply Chain" warning banner over a server network.

Medusa disabled Defender with PDQ Deploy, used Gaze.exe and drivers like Smuot.sys, exfiltrated via RClone. DragonForce created admin accounts, installed AnyDesk, stole Veeam creds, and used Restic for data theft. Both used double extortion.

Ransomware alert infographic: RMM tools with exploit arrows to Medusa and DragonForce; protective shields for patching and monitoring, with "Secure Your Supply Chain" warning banner over a server network.Ransomware alert infographic: RMM tools with exploit arrows to Medusa and DragonForce; protective shields for patching and monitoring, with "Secure Your Supply Chain" warning banner over a server network.

Protect your network: Patch RMM tools, monitor MSP access, enable backups, and use EDR. This highlights supply chain vulnerabilities in ransomware.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security