DragonForce Ransomware Hits Deane Roofing, Exfiltrates 6.59GB of Data

Incident Date:

August 22, 2024

Overview

Victim

Deane Roofing and Cladding

Attacker

DragonForce

Location

Northampton, United Kingdom

First Reported

August 22, 2024

DragonForce Ransomware Group Targets Deane Roofing and Cladding

Deane Roofing and Cladding, a leading contracting firm specializing in roofing and cladding solutions, has become the latest victim of a ransomware attack by the notorious DragonForce group. The attack, discovered on August 23, 2024, resulted in the exfiltration of 6.59GB of sensitive data, posing significant risks to the company's operations and client confidentiality.

About Deane Roofing and Cladding

Established in 1997, Deane Roofing and Cladding operates in Ireland, the UK, and Canada, employing over 300 professionals. The company offers a comprehensive range of services, including the design, supply, and installation of various roofing and cladding systems. Their portfolio includes high-profile projects such as the Sanger Institute & Biodata Innovation Centre in Cambridgeshire. Deane Roofing is known for its commitment to safety, quality, and environmental responsibility, as well as its bespoke fabrication capabilities.

Attack Overview

The ransomware attack on Deane Roofing and Cladding was orchestrated by DragonForce, a group known for its double extortion tactics. The cybercriminals managed to exfiltrate a significant amount of data, totaling 6.59GB. This breach highlights the growing threat of ransomware attacks on businesses across various sectors, including construction.

About DragonForce Ransomware Group

DragonForce emerged in late 2023 and quickly gained notoriety for its double extortion tactics, which involve encrypting victims' data and exfiltrating sensitive information. The group threatens to release the stolen data publicly if the ransom is not paid. DragonForce's ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting they leveraged this code to develop their own malware. The group has claimed attacks against various industries globally, including high-profile targets like the Ohio Lottery and Coca-Cola Singapore.

Potential Vulnerabilities

Deane Roofing and Cladding's extensive operations and large workforce make it a lucrative target for ransomware groups like DragonForce. The company's reliance on digital systems for project management, client communication, and bespoke fabrication could have provided multiple entry points for the attackers. Additionally, the construction sector's general lag in adopting advanced cybersecurity measures may have contributed to the breach.

Penetration Methods

While the exact method of penetration remains unclear, DragonForce likely exploited vulnerabilities in Deane Roofing and Cladding's network infrastructure. Common tactics include phishing emails, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials. The use of LockBit's leaked ransomware code further underscores the sophistication of DragonForce's attack methods.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.