Elite Fitness NZ Hit by DragonForce Ransomware Attack

Incident Date:

July 2, 2024

Overview

Victim

Elite Fitness NZ

Attacker

DragonForce

Location

Auckland, New Zealand

First Reported

July 2, 2024

Analysis of the DragonForce Ransomware Attack on Elite Fitness NZ

Company Profile: Elite Fitness NZ

Elite Fitness NZ, officially known as Elite Fitness Equipment Limited, is a leading retailer in the fitness equipment sector in New Zealand. Founded in the late 1990s, the company has expanded to operate 12 stores across the country. Elite Fitness distinguishes itself by offering a wide range of high-quality fitness products and expert advice, catering to both home and commercial markets. Their commitment to customer satisfaction and a strong online presence have solidified their position as a trusted provider in New Zealand’s competitive fitness equipment market.

Vulnerabilities and Cybersecurity Challenges

As a prominent retailer with a significant online and physical presence, Elite Fitness handles a substantial amount of sensitive customer and employee data. This data, coupled with their extensive digital footprint, makes them an attractive target for cybercriminals. The retail sector, in general, faces numerous cybersecurity challenges, including the need to secure transactional data and protect against threats to their e-commerce platforms.

Overview of the Ransomware Attack

The DragonForce ransomware group targeted Elite Fitness NZ, compromising both employee and customer data. The breach, initially detected on June 26 due to unusual activity, led to the exfiltration of 5.31 gigabytes of data. The incident was disclosed on DragonForce's dark web leak site, where the attackers released sensitive documents including invoices, receipts, and personal identification documents. Elite Fitness has since been working with New Zealand's Computer Emergency Response Team and other government agencies to manage the fallout of this attack.

Profile of DragonForce Ransomware Group

DragonForce is a new ransomware group that emerged in late 2023 and is known for its double extortion tactics. The group has quickly gained notoriety by targeting various industries globally, using ransomware code derived from that of the infamous LockBit ransomware group. DragonForce's approach includes threatening to release exfiltrated data publicly if its ransom demands are not met, a strategy that has proven effective in past incidents.

Possible Penetration Methods

While the specific penetration methods used in the Elite Fitness attack have not been disclosed, common tactics employed by groups like DragonForce include phishing, exploitation of software vulnerabilities, and credential stuffing. These methods often allow cybercriminals to bypass traditional security measures and gain unauthorized access to their targets' networks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.