Skip to main content
close search
site logo

Dragos says it thwarted extortion bid by known ransomware threat group

The hackers accessed limited information by impersonating a new employee, and the cybersecurity firm warns some stolen data may be leaked.

Published May 11, 2023
David Jones's headshot
Reporter
Futuristic electronic semiconductor and telecommunication network concept
Futuristic electronic semiconductor and telecommunication network concept. Danai Jetawattana via Getty Images

Dragos was the target of an extortion attempt this week by a known threat actor, the company said Wednesday. The threat actor gained access by compromising the personal email of a new sales employee before they started working at the cybersecurity firm. 

The hackers impersonated the employee during the onboarding process and gained access to SharePoint and contract management resources. The company said the hackers accessed a report with IP addresses associated with one of its customers, and Dragos officials have reached out to that customer. 

The extortion attempt failed, Dragos said, and none of its systems were breached, including anything related to the Dragos platform. 

Dragos was able to block the compromised account after investigating alerts from its security information and event management system. The company activated an incident response retainer with a top service provider, as well as a third-party monitoring, detection and response provider. 

Dragos said it blocked the threat group from achieving their main goal, which it claims was to deploy ransomware. The hackers were unable to move laterally, escalate privileges, establish persistence or make any alterations to Dragos infrastructure, the company said.

The potential fallout from this incident should be limited, according to Jon Amato, senior director analyst at Gartner.

“The threat to Dragos is more reputational than anything else – for a security company to get hit like this is never a good thing,” Amato said via email. 

However, based on the history of recent incidents involving firms like FireEye, Okta and other security firms, the reputational hit should be short term, Amato said.

After failing to deploy ransomware, the hackers escalated their threats by referencing family members and contacts of Dragos executives, the company said. 

Senior level Dragos employees were contacted via personal email and the hackers also reached out to publicly known contacts of the company.

The stolen data is likely to be made public, Dragos said, because it did not give in to extortion demands. No specific ransom amount was disclosed. 

A spokesperson for Dragos was in the process of responding to queries, but did not have the information in time for publication. 

Using stolen data for extortion is on the increase, according to Ryan Bell, threat intelligence manager at Corvus Insurance.

“A growing number of new groups are now abandoning encryption altogether to focus solely on data theft,” Bell said via email.

Yet to be published research from Corvus Threat Intel shows 27% of new extortion groups engaged in data-theft-only attacks in 2022, compared to 17% in 2021, Bell said.

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell