Analysis of DragonForce Ransomware Attack on Swansea.com Ltd: Vulnerabilities and Impact

Incident Date:

April 21, 2024

World map

Overview

Title

Analysis of DragonForce Ransomware Attack on Swansea.com Ltd: Vulnerabilities and Impact

Victim

Swansea.com Ltd,

Attacker

Dragonforce

Location

Swansea, United Kingdom

, United Kingdom

First Reported

April 21, 2024

Analysis of the DragonForce Ransomware Attack on Swansea.com Ltd

Attack Overview

A UK-based advertising agency, Swansea.com Ltd, found itself at the center of a ransomware attack conducted by the cybercrime group DragonForce. This breach led to the extraction of approximately 5.17 GB of data, the details of which remain undisclosed.

Company Profile

Swansea.com Ltd, initially known as COMSWAN LIMITED, was incorporated on March 31, 2016. The company is classified under the SIC code 73110, indicating its operation within the advertising agencies sector. Swansea.com Ltd describes itself as an investment company with diverse interests in hospitality, real estate, and sports sectors, employing over 100 people across South Wales. The company's registered office is located in Swansea, West Glamorgan, and it currently has 4 active directors. The financial profile and the operational details of the company suggest a modest scale of operation with significant local influence.

Vulnerabilities and Target Profile

The choice of Swansea.com Ltd as a target by DragonForce could be attributed to several factors. The company's diverse involvement in sectors like real estate and hospitality might suggest valuable data holdings, including personal and financial information. Moreover, the small size of the company might imply limited cybersecurity resources against malicious threat actors. The impact of the attack on Swansea.com Ltd extends beyond immediate financial loss, potentially affecting its reputation and operational capabilities, especially given its stated role in significant sectors within South Wales.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.