DragonForce Ransomware Hits German Engineering Firm SMK Ingenieurbüro

Incident Date:

August 18, 2024

World map

Overview

Title

DragonForce Ransomware Hits German Engineering Firm SMK Ingenieurbüro

Victim

SMK Ingenieurbüro

Attacker

Dragonforce

Location

Schönkirchen, Germany

, Germany

First Reported

August 18, 2024

DragonForce Ransomware Group Targets SMK Ingenieurbüro in Devastating Cyber Attack

On August 18, 2024, the German engineering firm SMK Ingenieurbüro fell victim to a ransomware attack orchestrated by the notorious group known as DragonForce. The attackers listed SMK on their dark web leak site, claiming to have exfiltrated 544.75 GB of data from the company. The specific nature of the compromised data remains unknown, but the group has issued an ultimatum demanding an unspecified ransom by August 25, 2024, threatening to release the stolen data if their demands are not met.

About SMK Ingenieurbüro

SMK Ingenieurbüro GmbH, officially known as SMK Ingenieurbüro Gesellschaft für Systemberatung, Projektmanagement und Konstruktion mbH, is a prominent engineering firm based in Schönkirchen, Germany. Specializing in naval architecture and design, the company focuses on the construction of ships and floating structures, providing comprehensive engineering services tailored to the maritime industry. Their core competencies include the creation of detailed design documentation for various marine vessels, such as mega yachts, research vessels, LNG ferries, tugs, and offshore structures.

Founded in 1992, SMK Ingenieurbüro has established itself as a reputable provider of engineering services, specializing in mechanical engineering, electrical engineering, and automation technology. The company employs between 50 to 100 professionals, including engineers, technicians, and support staff. This size allows SMK to maintain a high level of flexibility and personalized service for its clients while still having the capacity to handle complex projects.

Attack Overview

The ransomware attack on SMK Ingenieurbüro was executed by DragonForce, a group known for using double extortion tactics. This involves encrypting victims' data and exfiltrating sensitive information, which they threaten to release publicly if the ransom is not paid. DragonForce has claimed a series of high-profile attacks since their emergence in late 2023, targeting various industries across the US, UK, Australia, Singapore, and other countries.

About DragonForce

DragonForce is a relatively new ransomware group that first appeared in early December 2023. They have quickly gained notoriety for their sophisticated double extortion tactics and their use of a leaked builder from the infamous LockBit ransomware group. This has allowed them to rapidly develop and deploy their own ransomware. There is an educated assumption that DragonForce is linked to a Malaysian hacktivist group also called DragonForce, but this connection remains unconfirmed.

Potential Vulnerabilities

SMK Ingenieurbüro's focus on advanced engineering services and their use of electronic data processing, particularly in CAD/CAM technology, may have made them an attractive target for ransomware groups like DragonForce. The company's reliance on digital tools and data for their design processes could have provided multiple entry points for the attackers. Additionally, the firm's significant data assets related to naval architecture and design would be highly valuable, making them a prime candidate for double extortion tactics.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.