Cydcor LLC Hit by DragonForce Ransomware in Major Cyber Attack

Incident Date:

August 10, 2024

World map

Overview

Title

Cydcor LLC Hit by DragonForce Ransomware in Major Cyber Attack

Victim

Cydcor LLC

Attacker

Dragonforce

Location

Agoura Hills, USA

California, USA

First Reported

August 10, 2024

DragonForce Ransomware Group Targets Cydcor LLC in Devastating Cyber Attack

Cydcor LLC, a prominent player in the Business Services sector, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group known as DragonForce. This attack has compromised the company's data and systems, potentially leading to significant operational disruptions and financial losses.

About Cydcor LLC

Founded nearly three decades ago, Cydcor LLC specializes in customer acquisition and brand engagement through personalized, face-to-face interactions. The company has established itself as a leader in connecting brands with potential customers, particularly for Fortune 500 companies and emerging brands across various industries. Cydcor's operations focus on acquiring new customers, increasing market share, penetrating new territories, retaining existing customers, and enhancing customer value. Their unique approach involves client-branded kiosks and on-site visits to engage directly with consumers, fostering meaningful connections that automated systems often overlook.

Details of the Attack

The ransomware attack on Cydcor LLC was explicitly claimed by DragonForce on their dark web leak site. The specifics of the ransom demand and the extent of the data breach are yet to be disclosed. However, the incident underscores the growing threat of ransomware attacks on businesses. Cydcor LLC is currently working with cybersecurity experts to assess the damage and restore their systems while also cooperating with law enforcement to track down the perpetrators.

About DragonForce Ransomware Group

DragonForce is a relatively new ransomware group that emerged in late 2023. They are known for using a double extortion tactic, which involves encrypting victims' data and exfiltrating sensitive data, threatening to release it publicly if the ransom is not paid. DragonForce has claimed a series of high-profile attacks across various industries and countries, including the Ohio Lottery, Yakult Australia, Coca-Cola Singapore, and the government of Palau. Researchers have found that DragonForce's ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting they may have leveraged this code to quickly develop and deploy their own ransomware.

Potential Vulnerabilities

Cydcor's emphasis on personal interactions and extensive use of client-branded kiosks and on-site visits may have exposed them to vulnerabilities that threat actors like DragonForce could exploit. The company's significant workforce and extensive client base also make it an attractive target for ransomware groups seeking to maximize their impact and potential ransom payments. The attack on Cydcor highlights the importance of cybersecurity measures, especially for companies that rely heavily on personal interactions and data-driven operations.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.