Ransomware Group: DRAGONFORCE

VICTIM NAME: Asserson

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns Asserson, a UK-based law firm, describing the victim as a dynamic and creative practice with areas including dispute resolution, corporate law, and real estate. The page frames the incident as a data-leak event rather than solely a system encryption, alleging that the attackers have exfiltrated a substantial volume of documents—more than half a million in total—connected to clients, counterparties, lobbying activities, and related operations. The post is dated 26 September 2025, which serves as the leak’s publish date in the absence of a clearly stated compromise date. The page also indicates a claim URL for ransom-related negotiations, though no explicit ransom figure is provided in the available data. Although the dataset lists the victim’s industry as not found, the leak’s content clearly presents the victim as a legal services entity operating in the United Kingdom.

The leak page includes a gallery of 24 screenshots or images, described in general terms as internal documents or related material intended to illustrate the scope of the data exfiltration. The presence of these visuals is consistent with a double-extortion style, where attackers threaten public release or access to stolen data while offering a path to negotiation via the claimed URL. The post also contains contact details attributed to the victim, including a London address, but for privacy reasons this summary redacts those specifics. It cites allegations framed as examples of misconduct—such as lobbying, deceit, intimidation, and pressure on journalists—drawn from the leaked materials, though these claims are not independently verified within this summary. The overall payload emphasizes a large trove of data impacting the professional services sector and underscores the ongoing risk ransomware groups pose to regulated UK firms.