DragonForce Ransomware Hits Controlled Power Company in Major Attack

Incident Date: September 10, 2024

Overview

Victim: Controlled Power
Attacker: DragonForce
Location: Bothell, USA; Washington, USA
First Reported: September 10, 2024

DragonForce Ransomware Group Targets Controlled Power Company

Controlled Power Company, a subsidiary of Trystar, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group DragonForce. The attack, which has been explicitly claimed by DragonForce on their dark web leak site, has compromised the company's systems, potentially leading to significant operational disruptions and data breaches.

About Controlled Power Company

Controlled Power Company, headquartered in Troy, Michigan, specializes in providing commercial and industrial electrical power quality solutions. With over 45 years of expertise, the company focuses on designing and manufacturing high-quality power products that enhance electrical system reliability and safety. Their product portfolio includes uninterruptible power supplies (UPS), medical-grade UPS products, power conditioning voltage regulators, and transformers. These products are crucial for critical environments such as healthcare and commercial settings, ensuring uninterrupted operations during power outages.

Since becoming part of Trystar in late 2021, Controlled Power has expanded its capabilities within the broader context of electrical AC and DC power quality products. The company employs approximately 18 people and reported an annual revenue of $23.3 million. This relatively small team size coupled with a substantial revenue figure suggests a highly efficient operation focused on specialized power solutions.

Attack Overview

The ransomware attack on Controlled Power Company has been claimed by DragonForce, a relatively new ransomware group that emerged in late 2023. DragonForce is known for double extortion: the group encrypts victims' data and also exfiltrates sensitive data, threatening to release it publicly if the ransom is not paid. The specifics of the ransom demand, the extent of data encryption, and the potential data exfiltration remain undisclosed at this time.

About DragonForce Ransomware Group

DragonForce first appeared in early December 2023 and has since claimed a series of high-profile attacks. They use a combination of encrypting victims' data and exfiltrating sensitive data, threatening to release it publicly if the ransom is not paid. Researchers have found that DragonForce's ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting that DragonForce may have leveraged the leaked LockBit code to quickly develop and deploy their own ransomware.

There is an "educated assumption" that DragonForce is linked to a Malaysian hacktivist group also called DragonForce, but this connection is unconfirmed. The group has taken some unusual steps, such as publishing audio recordings of negotiations with victims on their leak site.

Potential Vulnerabilities

Controlled Power Company's focus on critical environments such as healthcare and commercial settings makes them a prime target for ransomware groups like DragonForce. The company's reliance on high-quality power products and custom solutions tailored to meet specific industry needs could have made them vulnerable to sophisticated cyberattacks. The integration with Trystar and the relatively small team size may also have contributed to potential security gaps that were exploited by the attackers.
