DragonForce Ransomware Hits Mainland Machinery in Major Data Breach Cyber Attack

Incident Date:

July 16, 2024

World map

Overview

Title

DragonForce Ransomware Hits Mainland Machinery in Major Data Breach Cyber Attack

Victim

Mainland Machinery

Attacker

Dragonforce

Location

Abbotsford, Canada

, Canada

First Reported

July 16, 2024

DragonForce Ransomware Group Targets Mainland Machinery in Devastating Cyber Attack

Overview of the Attack

Mainland Machinery, a leading industrial fabricator based in Abbotsford, British Columbia, has become the latest victim of a ransomware attack orchestrated by the DragonForce group. The attack, discovered on July 17, 2024, resulted in the exfiltration of 101.04GB of sensitive data. This breach poses significant risks to the company, given its critical role in the minerals and mining sector and other industries.

About Mainland Machinery

Founded in 1971, Mainland Machinery Ltd. specializes in custom metal fabrication and steel design services. The company serves various sectors, including mining, energy, marine, and industrial agriculture. With a workforce of approximately 41 employees and an estimated annual revenue of $25 million, Mainland Machinery is known for its innovative solutions and client-centered approach. The company’s expertise in designing, creating, and installing custom machinery and equipment has earned it a strong reputation in the industry.

Vulnerabilities and Impact

Mainland Machinery's focus on providing tailored solutions and maintaining collaborative partnerships makes it a standout in its field. However, this also makes it a prime target for cybercriminals. The sensitive nature of the data involved in their operations, combined with the critical services they provide, increases the potential impact of such an attack. The exfiltrated data could include proprietary designs, client information, and operational details, which could be devastating if released publicly.

DragonForce Ransomware Group

DragonForce is a relatively new ransomware group that emerged in late 2023. They are known for their double extortion tactics, where they encrypt victims' data and exfiltrate sensitive information, threatening to release it publicly if the ransom is not paid. The group has claimed several high-profile attacks across various industries and countries. Their ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting a sophisticated level of operation.

Penetration and Distinguishing Features

DragonForce's ability to penetrate Mainland Machinery's systems likely involved exploiting vulnerabilities in the company's cybersecurity defenses. The group is known for leveraging leaked malware code and employing advanced tactics to bypass security measures. Additionally, DragonForce has taken unusual steps, such as publishing audio recordings of negotiations with victims, to pressure their targets into paying the ransom.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.