DragonForce Ransomware Group Targets SMK Ingenieurbüro in Devastating Cyber Attack

On August 18, 2024, the German engineering firm SMK Ingenieurbüro fell victim to a ransomware attack orchestrated by the notorious group known as DragonForce. The attackers listed SMK on their dark web leak site, claiming to have exfiltrated 544.75 GB of data from the company. The specific nature of the compromised data remains unknown, but the group has issued an ultimatum demanding an unspecified ransom by August 25, 2024, threatening to release the stolen data if their demands are not met.

About SMK Ingenieurbüro

SMK Ingenieurbüro GmbH, officially known as SMK Ingenieurbüro Gesellschaft für Systemberatung, Projektmanagement und Konstruktion mbH, is a prominent engineering firm based in Schönkirchen, Germany. Specializing in naval architecture and design, the company focuses on the construction of ships and floating structures, providing comprehensive engineering services tailored to the maritime industry. Their core competencies include the creation of detailed design documentation for various marine vessels, such as mega yachts, research vessels, LNG ferries, tugs, and offshore structures.

Founded in 1992, SMK Ingenieurbüro has established itself as a reputable provider of engineering services, specializing in mechanical engineering, electrical engineering, and automation technology. The company employs between 50 to 100 professionals, including engineers, technicians, and support staff. This size allows SMK to maintain a high level of flexibility and personalized service for its clients while still having the capacity to handle complex projects.

Attack Overview

The ransomware attack on SMK Ingenieurbüro was executed by DragonForce, a group known for using double extortion tactics. This involves encrypting victims' data and exfiltrating sensitive information, which they threaten to release publicly if the ransom is not paid. DragonForce has claimed a series of high-profile attacks since their emergence in late 2023, targeting various industries across the US, UK, Australia, Singapore, and other countries.

About DragonForce

DragonForce is a relatively new ransomware group that first appeared in early December 2023. They have quickly gained notoriety for their sophisticated double extortion tactics and their use of a leaked builder from the infamous LockBit ransomware group. This has allowed them to rapidly develop and deploy their own ransomware. There is an educated assumption that DragonForce is linked to a Malaysian hacktivist group also called DragonForce, but this connection remains unconfirmed.

Potential Vulnerabilities

SMK Ingenieurbüro's focus on advanced engineering services and their use of electronic data processing, particularly in CAD/CAM technology, may have made them an attractive target for ransomware groups like DragonForce. The company's reliance on digital tools and data for their design processes could have provided multiple entry points for the attackers. Additionally, the firm's significant data assets related to naval architecture and design would be highly valuable, making them a prime candidate for double extortion tactics.

• VSM - SMK Ingenieurbüro
• SMK Ingenieurbüro Official Website
• WatchGuard - DragonForce Ransomware Tracker
• Tripwire - DragonForce Ransomware
• SOCRadar - DragonForce Ransomware Profile