DragonForce Ransomware Disrupts Gray & Adams Operations

Incident Date: July 2, 2024

Overview

Victim: Gray & Adams
Attacker: DragonForce
Location: Fraserburgh, United Kingdom
First Reported: July 2, 2024

Analysis of the DragonForce Ransomware Attack on Gray & Adams

Company Profile: Gray & Adams

Gray & Adams Limited, a prominent player in the manufacturing sector, specializes in the design and production of temperature-controlled transport solutions. Founded in 1957 and based in Fraserburgh, Scotland, the company has carved a niche in producing refrigerated trailers, dry freight vehicles, and specialized transport solutions. With over 750 employees, Gray & Adams stands out for its commitment to innovation, quality, and customer-specific designs. Their products are critical in industries requiring stringent temperature controls, such as food services and pharmaceuticals, making their operational continuity crucial for their clients.

Vulnerabilities and Industry Challenges

The very nature of Gray & Adams' business, involving extensive data on supply chains, client details, and proprietary manufacturing processes, makes it a lucrative target for cybercriminals. The integration of technology in manufacturing processes, while beneficial, also expands the attack surface. Systems that control manufacturing operations and data flows are potential entry points for cyber threats. The reliance on digital systems to maintain operational efficiency and client communications further compounds their vulnerability to sophisticated cyber-attacks such as ransomware.

Overview of the Ransomware Attack

On July 9, 2024, Gray & Adams fell victim to a targeted ransomware attack by the group known as DragonForce. This incident led to the encryption of critical data and a subsequent data leak amounting to 8.35GB of sensitive information. The attack not only disrupted their operations but also posed a significant threat to the confidentiality of their business and client data. DragonForce, employing double extortion tactics, threatened to release the data publicly if their ransom demands were not met, leveraging both encryption and data theft to pressure the victim into compliance.

DragonForce Ransomware Group

DragonForce is a relatively new but aggressive ransomware group that emerged in late 2023. Known for their double extortion technique, they have quickly established a reputation for targeting a wide range of industries globally. The group's modus operandi involves using a combination of data encryption and exfiltration to maximize their leverage over victims. Analysis suggests that DragonForce's ransomware code may be derived from the previously leaked LockBit ransomware, indicating a sophisticated level of technical capability in deploying their attacks.

Potential Penetration Techniques

While the specific entry point used by DragonForce in the attack on Gray & Adams has not been publicly disclosed, common tactics such as phishing, exploitation of unpatched vulnerabilities, or credential stuffing are often employed by ransomware groups. Given the sophistication of DragonForce, it is plausible that they utilized advanced persistent threat (APT) tactics, possibly gaining initial access through a seemingly benign entry point before escalating privileges and moving laterally across the network to deploy their ransomware.
