DragonForce Ransomware Hits BK Aerospace: 19.43 GB Data at Risk

Incident Date:

July 25, 2024

World map

Overview

Title

DragonForce Ransomware Hits BK Aerospace: 19.43 GB Data at Risk

Victim

BK Aerospace

Attacker

Dragonforce

Location

Arab, USA

Alabama, USA

First Reported

July 25, 2024

DragonForce Ransomware Attack on BK Aerospace

Overview of BK Aerospace

BK Aerospace, officially registered as B-K Manufacturing Co., Inc., is a third-generation family-owned business established in 1967. Located in Arab, Alabama, the company specializes in engineering, manufacturing, testing, and assembly services for complex hardware, primarily serving the aerospace, defense, and commercial sectors. BK Aerospace is renowned for its innovative solutions, extensive experience, and strong commitment to quality, which has enabled it to secure numerous contracts, including those related to American space exploration and military operations.

Details of the Ransomware Attack

Recently, BK Aerospace fell victim to a ransomware attack orchestrated by the DragonForce group. The attackers claim to have infiltrated the company's systems and gained access to 19.43 GB of sensitive data. DragonForce has threatened to publish this data within the next 9-10 days if their demands are not met, putting significant pressure on BK Aerospace to respond swiftly to mitigate potential damage.

About DragonForce Ransomware Group

DragonForce is a relatively new ransomware group that emerged in late 2023. They are known for using a double extortion tactic, which involves encrypting victims' data and exfiltrating sensitive data, threatening to release it publicly if the ransom is not paid. DragonForce has claimed attacks against various industries across the US, UK, Australia, Singapore, and other countries. Their ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting they leveraged this code to quickly develop and deploy their own ransomware.

Potential Vulnerabilities and Penetration Methods

BK Aerospace's extensive experience and reputation in the aerospace and defense sectors make it a high-value target for ransomware groups like DragonForce. The company's reliance on advanced manufacturing techniques and engineering expertise may have created vulnerabilities that threat actors could exploit. While the exact method of penetration is not disclosed, it is likely that DragonForce used phishing attacks, exploiting software vulnerabilities, or leveraging weak security protocols to gain access to BK Aerospace's systems.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.