DragonForce Ransomware Hits Controlled Power Company in Major Attack
Incident Date:
September 10, 2024
Overview
Title
DragonForce Ransomware Hits Controlled Power Company in Major Attack
Victim
Controlled Power
Attacker
Dragonforce
Location
First Reported
September 10, 2024
DragonForce Ransomware Group Targets Controlled Power Company
Controlled Power Company, a subsidiary of Trystar, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group DragonForce. The attack, which has been explicitly claimed by DragonForce on their dark web leak site, has compromised the company's systems, potentially leading to significant operational disruptions and data breaches.
About Controlled Power Company
Controlled Power Company, headquartered in Troy, Michigan, specializes in providing commercial and industrial electrical power quality solutions. With over 45 years of expertise, the company focuses on designing and manufacturing high-quality power products that enhance electrical system reliability and safety. Their product portfolio includes uninterruptible power supplies (UPS), medical-grade UPS products, power conditioning voltage regulators, and transformers. These products are crucial for critical environments such as healthcare and commercial settings, ensuring uninterrupted operations during power outages.
Since becoming part of Trystar in late 2021, Controlled Power has expanded its capabilities within the broader context of electrical AC and DC power quality products. The company employs approximately 18 people and reported an annual revenue of $23.3 million. This relatively small team size coupled with a substantial revenue figure suggests a highly efficient operation focused on specialized power solutions.
Attack Overview
The ransomware attack on Controlled Power Company has been claimed by DragonForce, a relatively new ransomware group that emerged in late 2023. DragonForce is known for using a double extortion tactic, where they encrypt victims' data and also exfiltrate sensitive data, threatening to release it publicly if the ransom is not paid. The specifics of the ransom demand, the extent of data encryption, and the potential data exfiltration remain undisclosed at this time.
About DragonForce Ransomware Group
DragonForce first appeared in early December 2023 and has since claimed a series of high-profile attacks. They use a combination of encrypting victims' data and exfiltrating sensitive data, threatening to release it publicly if the ransom is not paid. Researchers have found that DragonForce's ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting that DragonForce may have leveraged the leaked LockBit code to quickly develop and deploy their own ransomware.
There is an "educated assumption" that DragonForce is linked to a Malaysian hacktivist group also called DragonForce, but this connection is unconfirmed. The group has taken some unusual steps, such as publishing audio recordings of negotiations with victims on their leak site.
Potential Vulnerabilities
Controlled Power Company's focus on critical environments such as healthcare and commercial settings makes them a prime target for ransomware groups like DragonForce. The company's reliance on high-quality power products and custom solutions tailored to meet specific industry needs could have made them vulnerable to sophisticated cyberattacks. The integration with Trystar and the relatively small team size may also have contributed to potential security gaps that were exploited by the attackers.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.