DRAGONFORCE Ransomware Group Lists MicroMarketing as Victim on Dark Web Leak Site

The DRAGONFORCE ransomware operation has listed marketing services firm MicroMarketing as a victim on its dark web leak site, according to threat intelligence tracking by RedPacketSecurity. The listing suggests the group has exfiltrated data from the company and may be preparing to release it publicly if ransom demands go unmet. The exposure places MicroMarketing among the growing roster of organizations targeted by DRAGONFORCE, a ransomware-as-a-service operation known for double-extortion tactics—encrypting systems while simultaneously threatening to publish stolen data.

MicroMarketing's specific profile, including the size of the breach and the types of data potentially compromised, has not been publicly disclosed by the company. DRAGONFORCE typically leverages Tor-based leak sites to pressure victims, publishing samples of stolen files as leverage. RedPacketSecurity's OSINT monitoring captured the listing, which remains accessible on the group's dark web infrastructure. The timing and scope of the intrusion remain under investigation.

The incident underscores the persistent pressure ransomware groups like DRAGONFORCE place on mid-market firms across sectors. DRAGONFORCE has been active in 2024 and 2025, targeting organizations in North America, Europe, and the Asia-Pacific region. Companies in marketing, media, and professional services remain attractive targets due to the sensitive client data they often handle. Security teams should monitor for exposure of credentials, client databases, and internal communications associated with MicroMarketing's environment.