3edcef3f6a845d2d0aec63092415d999
Uncategorized

The Impact of DragonForce Ransomware on a New Zealand Fitness Retailer

Fraud Management & Cybercrime,

Ransomware

A ransomware group that uses locker malware based on the leaked LockBit 3.0 ransomware builder compromised New Zealand’s leading fitness equipment retailer.

See Also: The Cost of Underpreparedness to Your Business

The DragonForce ransomware group, first observed in November 2023, on Tuesday said on its leak site that it stole 5.31 gigabytes of data Elite Fitness.

The Dunedin-based retailer acknowledged the ransomware attack and the subsequent data leak. “Elite Fitness detected unusual activity from an unauthorized third party on one of its systems on the night of Wednesday, 26th June,” a company spokesperson told Cyberdaily.au. “The information leaked unfortunately affects a small list of customers and some staff.”

The fitness equipment retailer did not respond to Information Security Media Group’s request for comment.

The hacking incident occurred not long after the ransomware group victimized Yakult Australia and allegedly stole 95GB of data from the company’s Australian and New Zealand IT systems. The group also claimed it stole more than 400GB of data from Coca-Cola Singapore.

DragonForce’s largest reported heist was a successful attack on Ohio Lottery in December 2023 when it stole more than 1.5 million employee and customer records amounting to 90GB of data. Ohio Lottery said the attack impacted approximately 538,000 individuals.

According to cybersecurity company Cyble, DragonForce uses in its attacks a ransomware binary based on the LockBit Black ransomware, also tracked as LockBit 3.0. A LockBit affiliate in September 2022 leaked the LockBit Black builder code following a fallout with the group’s owners and several cybercrime groups have since used the builder code to customize their ransomware tooling and mount attacks (see: Free Ransomware: LockBit Knockoffs and Imposters Proliferate).

Cyble said in April that DragonForce’s locker malware shares “striking similarities” in code structures and functions with the leaked LockBit ransomware builder.

After infecting a system, the group uses random strings to rename stored files and adds the .AoVOpni2N extension to encrypted files. It also drops a ransom note named AoVOpni2N.README.txt in each directory it accesses.

DragonForce shares its name with a Malaysian hacktivist group that calls itself DragonForce Malaysia. The pro-Palentine group has frequently targeted Israeli organizations to voice its opposition to Israel’s war on Hamas and targeted several Indian organizations in 2022 after a ruling party spokesperson made anti-Muslim remarks (see: India-Based Grab Denies Cyberattack Claim by Malaysia’s DragonForce).

DragonForce Malaysia in 2023 announced plans to create a ransomware operation, but cybersecurity researchers say there is little evidence to attribute the ransomware attacks to the Malaysian group.

“The similar names should not, of course, be considered proof of a connection – and it’s always possible that the name of DragonForce has been chosen intentionally by the ransomware gang to lead investigators off the scent, or as a piece of mischief-making,” said cybersecurity company Tripwire.

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.

whitepaper

whitepaper

Governance & Risk Management

Fraud Management & Cybercrime

Artificial Intelligence & Machine Learning

Identity & Access Management

3rd Party Risk Management

Overview

From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations’ risk management capabilities. But no one is showing them how – until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book on the topic: Ron Ross, computer scientist for the National Institute of Standards and Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37 – the bible of risk assessment and management – will share his unique insights on how to:

Sr. Computer Scientist & Information Security Researcher, National Institute of Standards and Technology (NIST)

Innovative solutions for a better tomorrow.


Discover more from ParJenn Technologies

Subscribe to get the latest posts sent to your email.

HTML Snippets Powered By : XYZScripts.com