Carver Companies Hit by DragonForce Ransomware, 47.98GB Data Stolen

Incident Date: August 18, 2024


Overview

Victim: Carver Companies
Attacker: DragonForce
Location: Coeymans, USA; New York, USA
First Reported: August 18, 2024

DragonForce Ransomware Group Targets Carver Companies in Major Cyber Attack

Carver Companies, a multifaceted organization with over 30 years of experience in the maritime, aggregates, and construction sectors, has become the latest victim of a ransomware attack by the notorious DragonForce group. The breach, discovered on August 19, resulted in the exfiltration of 47.98GB of sensitive data.

About Carver Companies

Headquartered in Coeymans, New York, Carver Companies operates across the East Coast of the United States and Canada. The company offers a comprehensive range of services, including logistics, port operations, tug-and-barge transport, and high-quality material supply for construction projects. Carver Companies is known for its commitment to excellence, honesty, and integrity, and has positioned itself as a key player in managing logistics for significant clients like Heidelberg Materials.

With multiple divisions and locations, Carver Companies boasts impressive assets, including multiple tugboats, over 50 barges, and the capability to serve 3,000 miles of coastline. The company also owns a 40-acre industrial port complex and over 300,000 square feet of indoor warehouse space. Their diverse portfolio includes marine terminals, construction services, sand and gravel mining, stevedoring, warehousing, and logistics services.

Details of the Attack

The ransomware attack on Carver Companies was orchestrated by DragonForce, a group that emerged in late 2023. Known for their double extortion tactics, DragonForce encrypts victims' data and exfiltrates sensitive information, threatening to release it publicly if the ransom is not paid. In this case, the group exfiltrated 47.98GB of data from Carver Companies, which they have threatened to release on their "DragonLeaks" dark web site.

About DragonForce

DragonForce is a relatively new but highly active ransomware group. They have claimed a series of high-profile attacks across various industries in the US, UK, Australia, Singapore, and other countries. Their ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting that DragonForce has leveraged this code to quickly develop and deploy their own ransomware. The group has also taken unusual steps, such as publishing audio recordings of negotiations with victims on their leak site.

Potential Vulnerabilities

Carver Companies' extensive operations and significant digital footprint make them a lucrative target for ransomware groups like DragonForce. The company's reliance on integrated solutions and rapid response capabilities may have inadvertently exposed vulnerabilities in their cybersecurity infrastructure. The attack underscores the importance of comprehensive cybersecurity measures, especially for organizations with diverse and expansive operations.
