DragonForce Ransomware Attack Hits South Bay Regional Public Communications Authority
Incident Date:
July 16, 2024
Overview
Title
DragonForce Ransomware Attack Hits South Bay Regional Public Communications Authority
Victim
South Bay Regional Public Communications Authority
Attacker
Dragonforce
Location
First Reported
July 16, 2024
Ransomware Attack on South Bay Regional Public Communications Authority by DragonForce
Overview of the Victim
The South Bay Regional Public Communications Authority (SBRPCA), also known as the Regional Communications Center (RCC), is a joint powers authority established in 1977. It provides essential public safety dispatch services for multiple cities in the South Bay region of Southern California, including Gardena, Hawthorne, and Manhattan Beach. The RCC also serves other cities such as Culver City, El Segundo, and Hermosa Beach under contractual agreements. The authority processes approximately 300,000 incidents annually, utilizing advanced technologies like Geographic Information Systems (GIS) and real-time tracking systems to enhance emergency response effectiveness.
Company Size and Operations
The SBRPCA operates with a modest workforce, indicated by its 77 followers on LinkedIn, suggesting it is a small to medium-sized organization. As a governmental entity, its funding primarily comes from municipal budgets. The authority has implemented recruitment incentives, offering bonuses for new hires and lateral transfers, reflecting its commitment to attracting qualified personnel for communication operator positions.
Attack Overview
In July 2024, the SBRPCA experienced a significant ransomware attack orchestrated by the DragonForce group. The attackers exfiltrated approximately 54.43 GB of sensitive data and set a ransom deadline for July 28, 2024. This breach has raised substantial concerns about the security and integrity of the public communications authority's data and operations.
About DragonForce Ransomware Group
DragonForce is a relatively new ransomware group that emerged in late 2023. They are known for using double extortion tactics, encrypting victims' data and exfiltrating sensitive information, which they threaten to release publicly if the ransom is not paid. DragonForce has claimed attacks against various industries across the US, UK, Australia, Singapore, and other countries. Their ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting they leveraged this code to quickly develop and deploy their own ransomware.
Penetration and Distinguishing Features
DragonForce may have penetrated the SBRPCA's systems through vulnerabilities in their cybersecurity infrastructure. The group is distinguished by their use of double extortion tactics and their unusual steps, such as publishing audio recordings of negotiations with victims on their leak site. There is an educated assumption that DragonForce is linked to a Malaysian hacktivist group also called DragonForce, but this connection remains unconfirmed.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.