Graminex LLC Suffers Major Cyber Attack by DragonForce Group
Incident Date:
September 23, 2024
Overview
Title
Graminex LLC Suffers Major Cyber Attack by DragonForce Group
Victim
Graminex LLC
Attacker
Dragonforce
Location
First Reported
September 23, 2024
DragonForce Ransomware Group Targets Graminex LLC in a Significant Cyber Attack
Graminex LLC, a specialized company in the agriculture sector, has recently fallen victim to a ransomware attack orchestrated by the DragonForce group. This incident highlights the growing threat of cyber attacks on companies across various industries, including those involved in the production of niche health products.
About Graminex LLC
Graminex LLC is a private company headquartered in Saginaw, Michigan, with a significant production facility in Deshler, Ohio. The company is renowned for its solvent-free flower pollen extracts, which are utilized in pharmaceuticals, nutraceuticals, cosmetics, and functional foods. With a workforce of approximately 22 to 26 employees and an annual revenue of around $9 million, Graminex stands out due to its commitment to quality and sustainability. The company manages over 6,500 acres of farmland dedicated to the cultivation of flower pollen, ensuring strict control over its supply chain and product integrity.
Details of the Ransomware Attack
The DragonForce ransomware group has claimed responsibility for the attack on Graminex, asserting that they have exfiltrated 17.18 GB of organizational data. This attack underscores the vulnerabilities that even specialized companies face in the digital age. The attackers likely exploited weaknesses in Graminex's cybersecurity infrastructure, potentially leveraging the company's modest size and resources to infiltrate their systems.
Profile of DragonForce Ransomware Group
DragonForce is a relatively new player in the ransomware landscape, having emerged in late 2023. The group is known for its double extortion tactics, where they encrypt victims' data and exfiltrate sensitive information, threatening to release it publicly if the ransom is not paid. DragonForce has been linked to a Malaysian hacktivist group, although this connection remains unconfirmed. The group distinguishes itself by using a ransomware code based on a leaked builder from the notorious LockBit group, allowing them to quickly develop and deploy their malware.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.