Yang Enterprises Hit by DragonForce Ransomware, 72GB Data Leaked
Incident Date:
August 18, 2024
Overview
Title
Yang Enterprises Hit by DragonForce Ransomware, 72GB Data Leaked
Victim
Yang Enterprises
Attacker
Dragonforce
Location
First Reported
August 18, 2024
DragonForce Ransomware Attack on Yang Enterprises
Yang Enterprises, Inc. (YEI), a diversified technical services company, recently fell victim to a ransomware attack orchestrated by the group known as DragonForce. The attack resulted in the exfiltration of 72.08GB of sensitive data, which was subsequently posted on DragonForce's dark web leak site.
About Yang Enterprises
Founded in 1986 and headquartered in Oviedo, Florida, Yang Enterprises is a high-technology, woman-owned, small disadvantaged company. The firm specializes in providing applied engineering and information technology services to sectors including the U.S. Space Program/NASA, the Department of Defense, and numerous Fortune 500 companies. YEI's core competencies include design and analysis, environmental engineering, test and evaluation, logistics, architecture, and construction management. The company is financially secure and debt-free, with a strong commitment to excellence, customer satisfaction, and ethical practices.
Attack Overview
The ransomware attack on Yang Enterprises was claimed by DragonForce, a relatively new ransomware group that emerged in late 2023. DragonForce employs a double extortion tactic, encrypting victims' data and exfiltrating sensitive information, which they threaten to release publicly if the ransom is not paid. In this case, DragonForce exfiltrated 72.08GB of data from YEI and posted it on their dark web leak site, DragonLeaks.
About DragonForce
DragonForce is known for its sophisticated double extortion tactics and has claimed a series of high-profile attacks since its emergence. The group uses a combination of encrypting victims' data and exfiltrating sensitive data, threatening to release it publicly if the ransom is not paid. Researchers have found that DragonForce's ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting that DragonForce may have leveraged this code to quickly develop and deploy their own ransomware.
Potential Vulnerabilities
Yang Enterprises' extensive involvement in high-stakes sectors such as space, defense, and telecommunications makes it an attractive target for ransomware groups like DragonForce. The company's reliance on advanced electronic document management systems and computerized maintenance management systems could have provided multiple entry points for the attackers. Additionally, the company's partnerships with government entities and large corporations may have made it a more lucrative target for data exfiltration.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.