DragonForce Ransomware Strikes Grand Rapids Gravel

Incident Date: July 2, 2024

Overview

Title: DragonForce Ransomware Strikes Grand Rapids Gravel

Victim: Grand Rapids Gravel

Attacker: DragonForce

Location: Wyoming, USA; Michigan, USA

First Reported: July 2, 2024

Analysis of the DragonForce Ransomware Attack on Grand Rapids Gravel

Company Profile: Grand Rapids Gravel

Grand Rapids Gravel Company, a stalwart in the construction materials sector, has been operational since 1920. Based in Grand Rapids, Michigan, this company specializes in the production and supply of essential materials such as sand, gravel, and stone, which are pivotal for various construction projects. With a workforce of 2-10 employees, Grand Rapids Gravel not only focuses on material supply but also offers consulting services on material selection for sustainability and efficiency in construction projects. Their long-standing reputation and specialized services make them a notable entity in the industry.

Details of the Ransomware Attack

The ransomware group DragonForce executed a targeted attack against Grand Rapids Gravel, resulting in the exfiltration of approximately 10.96 GB of sensitive data. The group publicly acknowledged the incident on its dark web platform, DragonLeaks. The attack not only encrypted the company's data but also posed a severe threat of leaking it should the ransom demands not be met, which is the double extortion technique employed by DragonForce.

Profile of DragonForce Ransomware Group

DragonForce, emerging in late 2023, has quickly gained notoriety for its aggressive ransomware campaigns. The group is known for its double extortion tactic, which involves both data encryption and exfiltration. The ransomware code used by DragonForce is believed to have been developed from a leaked version of the LockBit ransomware builder, indicating a sophisticated level of technical capability in deploying threats. Additionally, DragonForce has been linked to various high-profile attacks globally, affecting diverse sectors and demonstrating their broad reach and capability to infiltrate different industries.

Potential Vulnerabilities and Entry Points

While specific details of the breach vector in the Grand Rapids Gravel attack remain undisclosed, common entry points for such attacks include phishing, exploitation of unpatched systems, or compromised credentials. Given the size of the company and the nature of its operations, it is plausible that network security measures might not have been robust enough to fend off sophisticated cyber threats like those posed by DragonForce. The construction industry, often not the primary focus for intense cyber defense strategies, becomes an attractive target for cybercriminals looking to exploit less fortified systems.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.