DragonForce Ransomware Strikes KGK Group's Sparkle Gems Inc

Incident Date: September 26, 2024

Overview

Title: DragonForce Ransomware Strikes KGK Group's Sparkle Gems Inc
Victim: KGK Group
Attacker: DragonForce
Location: Mumbai, India
First Reported: September 26, 2024

DragonForce Ransomware Attack on KGK Group's Sparkle Gems Inc

In a significant cybersecurity incident, the DragonForce ransomware group has claimed responsibility for an attack on Sparkle Gems Inc, a subsidiary of the globally renowned KGK Group. This attack highlights the vulnerabilities faced by large enterprises in the gems and jewelry sector, particularly those with extensive digital operations.

Overview of KGK Group and Sparkle Gems Inc

KGK Group, established in 1905, is a major player in the global gems and jewelry industry. With operations in 16 countries, the company is known for its comprehensive supply chain that spans from mining to retail. As a De Beers Sightholder and part of the Alrosa Alliance, KGK has a strong reputation in diamond sourcing. Sparkle Gems Inc, based in the USA, is a key subsidiary that contributes to KGK's expansive market presence.

The group's vertically integrated business model allows it to maintain control over the entire value chain, ensuring high-quality products and services. However, this extensive digital footprint also makes it a lucrative target for cybercriminals.

Details of the Ransomware Attack

DragonForce has reportedly exfiltrated 154.55 GB of sensitive data from Sparkle Gems Inc, threatening to release the information within three days if their demands are not met. This attack underscores the group's use of double extortion tactics, where they encrypt data and also threaten to leak it publicly.

The attack on Sparkle Gems Inc is part of a broader pattern of targeting high-profile organizations across various industries. The ransomware group has previously claimed attacks on entities such as the Ohio Lottery and Coca-Cola Singapore, indicating their global reach and ambition.

About DragonForce Ransomware Group

Emerging in late 2023, DragonForce has quickly gained notoriety for its sophisticated ransomware operations. The group is believed to have developed its ransomware using a leaked builder from the LockBit group, allowing them to deploy attacks rapidly. Their operations are characterized by a unique approach, including publishing audio recordings of negotiations with victims on their leak site.

While there is speculation about a connection to a Malaysian hacktivist group, this remains unconfirmed. DragonForce's ability to penetrate systems like those of Sparkle Gems Inc suggests a high level of technical expertise and strategic planning.
