hiveleak attacks Dayton T. Brown, Inc
Incident Date: March 22, 2022
Overview
Title: hiveleak attacks Dayton T. Brown, Inc
Victim: Dayton T. Brown, Inc
Attacker: Hiveleak
Location:
First Reported: March 22, 2022
Dayton T. Brown, Inc. Suffers Ransomware Attack
Company Overview
Dayton T. Brown, Inc., a leading provider of testing services, technical publications, on-demand engineering, and logistical services to military, governmental, commercial, aviation, and aerospace industries, has been targeted by the ransomware group Hiveleak. The group announced the attack on its dark web leak site. The victim's website is https://www.dtb.com/.
Dayton T. Brown, Inc. is the largest independent testing laboratory in the U.S. and has been in continuous operation for over 70 years. The company's engineering team is known for tackling complex problems and providing world-class support solutions to clients around the world. DTB engineers, technicians, technical writers, logisticians, and production specialists are experienced, knowledgeable, and professional, ensuring that programs are completed on schedule and within budget.
Industry Standout
Dayton T. Brown, Inc. has a strong reputation in the industry for its expertise in testing services, technical publications, and logistical support. The company's technical writers are considered the best in the business, and its logisticians are experienced in preparing Logistics Management Information (LMI) and other critical logistics deliverables.
Vulnerabilities
The ransomware attack on Dayton T. Brown, Inc. highlights the vulnerabilities that many companies face in the digital age. Hiveleak, the ransomware group responsible for the attack, claimed to have stolen unencrypted data prior to encrypting files. This suggests that the attackers may have exploited vulnerabilities in the company's network or systems to gain access to sensitive data.
Ransomware Threat
Ransomware attacks have become increasingly common and sophisticated, with threat actors using various tactics to gain access to a victim's systems and demand payment in exchange for decrypting the encrypted data. In the case of Dayton T. Brown, Inc., the attackers may have used tools like Cobalt Strike Beacon and QakBot to enable reconnaissance and lateral movement, and may have deployed a variety of ransomware variants.
Mitigation Strategies
To mitigate the risks of ransomware attacks, companies should implement robust cybersecurity measures, such as maintaining offline backups of data, ensuring all backed-up data is encrypted, reviewing the security safeguards of third parties and vendors, and implementing policies that only allow systems to execute known and permitted programs. Additionally, organizations should have a secure recovery plan in place and retain multiple copies of sensitive information.
Sources
- Dayton T. Brown, Inc. Website: https://www.dtb.com/
- Recorded Future Blog: Egregor Ransomware Attacks: https://www.recordedfuture.com/blog/egregor-ransomware-attacks
- FBI Warning: Dual Ransomware Attacks on the Rise: https://www.darkreading.com/threat-intelligence/fbi-highlights-dual-ransomware-attack-in-rising-cybertrends