DragonForce Ransomware Hits John Gallin & Son: 783GB Data Breach

Incident Date: July 24, 2024

Overview

Victim: John Gallin & Son
Attacker: DragonForce
Location: New York, USA
First Reported: July 24, 2024

DragonForce Ransomware Attack on John Gallin & Son

Overview of John Gallin & Son

John Gallin & Son is a prominent construction management and general contracting firm based in New York City. Founded in 1886 by Irish immigrant John Gallin, the company has remained under the stewardship of the Gallin family for four generations. Specializing in commercial interiors, the firm is known for its expertise in managing projects within Manhattan's high-rise buildings. The company employs approximately 53 people and reported an annual revenue of approximately $2.4 million in 2024.

Details of the Ransomware Attack

On July 25, 2024, John Gallin & Son fell victim to a ransomware attack orchestrated by the DragonForce group. The attack resulted in a significant data breach, with a leak size amounting to 783.94GB. The compromised data could potentially include sensitive corporate information, posing a substantial risk to the company's operations and client confidentiality.

About DragonForce Ransomware Group

DragonForce is a relatively new ransomware group that emerged in late 2023. They are known for using a double extortion tactic, encrypting victims' data and exfiltrating sensitive data, which they threaten to release publicly if the ransom is not paid. DragonForce has claimed attacks against various industries across the US, UK, Australia, Singapore, and other countries. Their ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting they leveraged this code to quickly develop and deploy their own ransomware.

Potential Vulnerabilities

John Gallin & Son's focus on high-profile commercial interior projects in Manhattan makes them a lucrative target for ransomware groups like DragonForce. The company's extensive involvement in planning, budgeting, and scheduling, along with their collaborative approach, means they handle a significant amount of sensitive data. This data, if compromised, could severely impact their operations and client trust. The attack highlights the importance of robust cybersecurity measures, especially for firms handling critical and sensitive information.

Penetration Methods

While the exact method of penetration in this attack is not publicly disclosed, DragonForce's use of the LockBit ransomware code suggests they may have exploited known vulnerabilities in the company's systems. Common methods include phishing attacks, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials. The sophistication of DragonForce's tactics underscores the need for continuous monitoring and updating of cybersecurity defenses.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.